Forgot your password?

RIM Patches BlackBerry Phishing Flaw


(Via: Blackberry Browser Security issue )

Research In Motion (NSDQ: RIMM) issued a security patch that fixes a vulnerability that potentially leaves BlackBerry users open to phishing attacks.
The flaw enables a malicious coder to trick BlackBerry users into visiting a potentially malicious Web site by making the device think the site is a trusted one. To exploit this, attackers would need to create a site that uses null characters in the certificate’s Common Name field. The device detects the mismatch between the domain name and the certificate, but the warning screen doesn’t display the hidden character, making the user think the site is trusted.

“The updated BlackBerry device software is designed to depict null characters in the BlackBerry browser dialog box that appears when the user visits a Web site with a certificate that does not match the site domain name,” RIM said in a security note. “In the updated BlackBerry device software, the BlackBerry device represents previously hidden null characters with a block, and highlights the non-matching portion of the domain name in bold.”

The security flaw was brought to RIM’s attention by Mobile Security Labs and CESG, and it impacts various BlackBerry models with the 4.5 version of the operating system or later. Individual users and BlackBerry Enterprise Software managers can check for updates from RIM’s Web site, and the company advises BlackBerry users to exercise caution when clicking on links they receive from SMS messages or e-mail.

The mobile platforms have not been a major target of malicious coders, particularly because the wide variety of operating systems makes mobile devices a harder target than Windows desktop machines. But as more users carry sensitive data on their handsets, most industry experts speculate it will only be a matter of time before a widespread mobile virus emerges.

5 total comments on this postSubmit your comment!
  1. This is the same flaw Ronen posted about earlier in the week?
    The same flaw that no carrier has released an OS update to fix yet???

  2. I couldn’t find any “updates from RIM’s Web site”. Please share if anyone finds it.

  3. just comments i wont shared information

  4. is this the reason y my blackberry internet browser hasnt been working, i cant even log on to aim or anything like that. then i call customer service, they make me delete all browsercofigurations from my service book, and i cant put it back on my phone. so im stuck with only tmobile browser and hotspot. i have no option anymore for the blackberry internet browser, anyone know how i can get it back. im going to give this a try if there is an update on the site, maybe it can fix my problem. This is So Frustrating.


  5. My question for RIM is, how exactly has this flaw been patched? There is no information listed in the above statement that explains that, other than stating “Device software updates”.
    In RIM’s original statement they said the following:
    Applications version to update to
    Version 4.5.0.x -> Version or later
    Version 4.6.0.x -> Version or later
    Version 4.6.1.x -> Version or later
    Version 4.7.0.x -> Version or later
    Version 4.7.1.x -> Version or later

    However, the problem here lays in the fact that TECHNICALLY, you have to rely on your CARRIER to release the OS update. Just doing a quick search for the current available OS upgrades from carriers, I see the following:
    8350i Most Current Upgrade:
    8330 Sprint Most Current Upgrade:
    8900 TMO Most Current Upgrade:
    8520 TMO Most Current Upgrade:
    8320 TMO Most Current Upgrade:
    8900 ATT Most Current Upgrade:

    So how exactly are users supposed to “upgrade” their device software to fix this flaw and still stay within the “Technical” warranty requirements of their carrier?

    Most carriers won’t check the OS version to see if it is an “official version authorized by them” if a device comes back in for a warranty replacement, however, they could.

    So what is the average Joe Consumer to do? Wait on an official OS upgrade? Search the internet to find a leaked BETA?

    RIM said a long time ago (about a year ago) that they were going to “take the OS upgrades out of the carriers hands”. So why hasn’t that been done yet? And when are the carriers planning on releasing new software in order to “patch” this flaw”?

    So in closing, like I mentioned to begin with, where is the “patch” at in the above statement that RIM released? There is no real information there for anyone to gather anything off of.

1 pingback on this post

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2018’ BerryReview LLC