Comment Re: Great, fully owned by Silent Circle (Score 4, Interesting) 59
The issue with Silent Circle isn't their jurisdiction. It's that their code is of deeply questionable quality. They recently had a remote code execution exploit that could be triggered just by sending a text message to their phone. It's been literally years since one of these affected mainstream software stacks, so how was that possible?
Well, they wrote their own SMS parsing code, in C, and used JSON to wrap binary encrypted messages and there was a bug that could cause memory corruption when the JSON wasn't exactly in the form they expected.
The amount of fail in that sentence is just amazing. They're a company which justifies its entire existence with security, writing software to run on a smartphone where the OS itself is written in a memory safe language (Java) and yet they are parsing overly complex data structures off the wire
After learning about that exploit and more to the point, why it occurred, I will strongly recommend against using Silent Circle for anything. Nobody serious about security should be handling potentially malicious data structures in C, especially not when the rest of the text messaging app is written in Java. That's just crazy.