BlackBerry security advisory details critical bug on Z10 phones

BlackBerry has issued a security advisory to customers who have purchased the company's Z10 smartphone—the flagship device of BlackBerry's relaunch in February. A bug in the system designed to help users find a lost phone could be used to gain access to the device, either by an attacker holding the handset or over Wi-Fi.

The bug isn't in the BlackBerry 10 OS itself, but in the BlackBerry Protect application. A malicious application could take advantage of weak permission controls in BlackBerry Protect to reset the password on the Z10 or to prevent the phone's owner from remote-wiping it when the phone is lost. With the phone in hand, an attacker could use the Protect bug to gain access to the phone's functionality and the owner's personal data; combined with a malicious application, the bug could also be used to expose the phone over Wi-Fi and let a remote attacker pilfer files from the device.

BlackBerry (the company formerly known as Research In Motion) went out of its way to get its Z10 smartphone and the BlackBerry 10 operating system certified as secure well before launch, obtaining the US government's FIPS 140-2 certification last November. That certification covers the platform's cryptographic module, not the permission handling of individual applications such as Protect. The company is downplaying the immediate risks of this vulnerability: no exploit for the bug is known to be in the wild, and the worst outcomes require a user to install a malicious application and then an attacker to gain access to the phone. The Wi-Fi attacks are only possible if the device's owner has turned on Wi-Fi access.

Read on Ars Technica