• New Vulnerability Found On PlayBook OS 1.0 Bridge

    Security researchers at this year's Infiltrate security conference have discovered a new vulnerability that has the potential to allow malicious applications to access personal information. Zach Lanier and Ben Nell, both of the Intrepidus Group, are responsible for finding the vulnerability.

    This particular vulnerability relates to the PlayBook's native applications. When a native application for the PlayBook is created, the developer has access to a unique file called the .ALL file. On the QNX-based system, this file gives them access to shared data or files. In short, there is a flaw that allows native developers to access files they should not have access to.

    Using the .ALL file, the security researchers were able to access a PlayBook owner's bookmarks, Wi-Fi access points, BBM username and info, desktop manager token, and the BlackBerry Bridge token. This token is pretty much the key that connects the BlackBerry device to the PlayBook. The Bluetooth connection between the PlayBook and phone is secure, but the problem is that this token can be used by a native developer to query the bridge for data they should not have access to.

    RIM has spoken out about this vulnerability in the following official statement:

    Media Statement: Infiltrate conference
    “The BlackBerry PlayBook issue described at the Infiltrate security conference has been resolved with BlackBerry PlayBook OS 2.0, which is scheduled to be available as a free download to customers in February 2012. There are no known exploits and risk is mitigated by the fact that a user would need to install and run a malicious application after initiating a BlackBerry Bridge connection with their BlackBerry smartphone.”
    So there you have it. It looks as though RIM will not be fixing this, as they state that OS 2.0 has resolved the issue. It seems as though the PlayBook and its QNX-based OS are getting their fair share of security testing.
    This article was originally published in forum thread: New Vulnerability Found On PlayBook OS 1.0 Bridge, started by ice2921.

