In an effort to increase our product security and reward talented security researchers, Blackphone and Silent Circle launched the Bug Bounty program on September 23rd, 2014. We are very pleased with the level of participation from the research community as well as the progress of the Bug Bounty program itself. Further, we consider the collaboration between the research community and Silent Circle a huge success.
The success of the Bug Bounty program rests upon researchers submitting their findings safely and securely, without fear of retribution. When individuals who share our passion for security, like Mark Dowd (@mdowd), submit valid findings, it is with respect and gratitude that we continue our mission to get the bugs fixed efficiently and effectively. Doing so allows us to collaboratively produce secure apps.
Mr. Dowd reported a vulnerability in the Silent Text application to Silent Circle. We have since patched that vulnerability and are pleased that Mr. Dowd agrees it has been resolved by an update to the application. Silent Text v1.8 contains the update that addresses this vulnerability; to ensure your client is not vulnerable, please download version 1.8 from the publicly available App Stores if you have not already done so. At this time there are no known publicly available exploits capable of taking advantage of the vulnerability reported by Mr. Dowd.
The technical details of Mr. Dowd’s findings are available on his blog. This was an example of great research and we are extremely appreciative of his efforts.
Again, Silent Circle and Blackphone are proud to continue working with the research community through the Bug Bounty program to deliver secure products to the market. We encourage researchers to use this secure channel for reporting vulnerabilities such as this, and are pleased to reward their hard work.
Cheers to Security, Privacy, and Transparency