  • On The Heels of Air Force Switch to iPhone, Apple Announces Serious Flaw in their SSL Implementation

    Fresh off the announcement that the United States Air Force is trading in its BlackBerrys for Apple's iPhone comes an announcement from Cupertino that it has discovered a serious security flaw in its SSL/TLS implementation, affecting not only OS X but iOS-powered devices as well.

    In a support document regarding the patch for this specific problem, Apple noted that the bug would allow "an attacker with a 'privileged network position' to capture or modify data protected by SSL/TLS."

    The security site CrowdStrike actually goes into more detail about how serious the flaw was:

    To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.

    This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).

    This security flaw and its potential for exploitation only hammer home what BlackBerry said in a press release last week in response to the USAF announcement of its switch to iPhone:

    The ongoing threat of cyber attacks requires organizations to be vigilant about mobile security. For customers that have the highest security requirements, such as those in government, there is nothing more secure than a BlackBerry device managed by a BlackBerry Enterprise Server.

    There is a clear reason why BlackBerry has more government certifications than any other vendor, and the only enterprise mobility management vendor and handset maker to receive the Department of Defense “Authority to Operate” certification. Security is built into everything we do, and we've been doing it longer and better than anyone else.

    Perhaps this will cause the USAF to pause and rethink its decision. Given the history of providing secure communications for the DoD that BlackBerry enjoys, the better move for the "Aim High" folks would be to upgrade their aging fleets of Bolds and Curves to Q10s, Z10s and Z30s.

    If it's good enough for the Commander-in-Chief, shouldn't a BlackBerry be good enough for the guy (or girl) flying him around in Air Force One?
