BlackBerry vulnerability exposed at Pwn2Own; no fix in sight

In light of a WebKit vulnerability discovered at this year’s Pwn2Own conference in Vancouver, Research In Motion has issued a bulletin for its most security conscious customers. Affecting handsets running BlackBerry Device Software version 6.0 or higher, the exploit could allow an attacker to gain access to data stored on the media card or in the media storage area built into BlackBerry devices. RIM notes that the vulnerability does not grant attackers access to email, calendar, contact, or application store data. Regardless, if you’re reading this with your tinfoil hat on, the company has issued a list of workarounds that can mitigate your risk to the hack. Standalone users can disable JavaScript in their Internet browser — JavaScript is not the root of the problem, but the use of JavaScript is required to execute the vulnerability. BlackBerry Enterprise Server administrators can disable the BlackBerry browser altogether from the BES console — which, as you can imagine, has other implications. RIM has yet to comment on when a more permanent fix might become available, but it has issued a statement saying it is, “investigating the issue to determine the best resolution for protecting BlackBerry smartphone users.”

Read

blog comments powered by Disqus