  • On The Heels of Air Force Switch to iPhone, Apple Announces Serious Flaw in their SSL Implementation

    Fresh off the announcement that the United States Air Force is trading in its BlackBerrys for Apple's iPhone comes an announcement from Cupertino that they've discovered a serious security flaw in their implementation of SSL/TLS data protection, not only on OS X but on their iOS-powered devices as well.

    In a support document regarding the patch for this specific problem, Apple noted that the bug would allow "an attacker with a 'privileged network position' to capture or modify data protected by SSL/TLS."

    The security site CrowdStrike actually goes into more detail about how serious the flaw was:

    To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.

    This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).

    This security flaw and its potential for exploitation only hammer home what BlackBerry said in a press release last week in response to the USAF announcement of their switch to iPhone:

    The ongoing threat of cyber attacks requires organizations to be vigilant about mobile security. For customers that have the highest security requirements, such as those in government, there is nothing more secure than a BlackBerry device managed by a BlackBerry Enterprise Server.

    There is a clear reason why BlackBerry has more government certifications than any other vendor, and the only enterprise mobility management vendor and handset maker to receive the Department of Defense “Authority to Operate” certification. Security is built into everything we do, and we've been doing it longer and better than anyone else.

    Perhaps this will cause the USAF to pause and rethink their decision. Given BlackBerry's history of providing secure communications for the DoD, the better move for the "Aim High" folks would be to upgrade their aging fleets of Bolds and Curves to Q10s, Z10s and Z30s.

    If it's good enough for the Commander-in-Chief, shouldn't a BlackBerry be good enough for the guy (or girl) flying him around in Air Force One?
