
BlackBerry Security Breach Confirmed By RIM

David Gilbert



The fifth annual Pwn2Own hacker challenge, which took place earlier this month, has thrown up a security flaw in RIM’s BlackBerry OS 6.0, which has led the Canadian company to recommend that all users turn off JavaScript.

Competitors in the hacker challenge discovered a vulnerability in the BlackBerry Browser. If a user visits a maliciously designed website, it could allow a hacker to gain access to personal data on that phone. Hackers will, however, only be able to gain access to information stored on media cards and in-built phone media, and not to any information stored in apps such as email, contacts or passwords. The vulnerability can only be exploited on BlackBerry OS 6.0 devices because they utilize the WebKit browser engine; devices running BlackBerry OS 5.0 are unaffected.

However, with devices such as the Torch 9800, the Bold 9780 and the Curve 9300 all affected, there will be a lot of people out there who are vulnerable. With a huge number of business people using these phones, RIM is contacting IT departments to warn them of the problem and suggesting they turn off JavaScript to protect their systems. BlackBerry began redesigning its browser in 2009 when it purchased the open source web browser developer Torch Mobile, whose flagship Iris Browser is based on the open source WebKit browser engine.

While this breach will be seen as embarrassing and potentially dangerous for RIM, which previously had a reputation for excellent security measures, the necessity for the company to look to a more open source environment meant this was always going to be a possibility.

Source: PC World


March 17, 2011, 3:31 pm

I wonder if the ObamaPhone is vulnerable as well...


March 18, 2011, 5:43 am

Your closing remarks make it sound like the choice of open source is a sort of disadvantage. If one reviews the methods employed in digging out bugs, e.g., fuzzing etc., you'll find out that open/closed is actually of no consequence.

Also worthy of note is the fact that the researchers who exploited the flaw in RIM's BlackBerry browser admitted that it was a very difficult exercise given the absence of available documentation.


March 24, 2011, 9:44 pm

I can only find news on this here and in the link page. Can anyone tell me if this is an issue or not still and where I can find even MORE information on this before I scare the wits out of my supervisors and staff and disable JavaScript until I can find out if this has been fixed? Any help would be *greatly* appreciated. Thanks!
