UPDATE: I forgot to note that RIM will probably issue a OS fix or update for this issue. Problem is RIM has shot themselves in the foot in this regard and will probably have to wait for each carrier to certify the OS before they can release the potentially critical OS update. I know RIM has been working on being able to do smaller OS updates without a full update but they have yet to do one.
I never thought the day would happen. The brand new BlackBerry WebKit browser has been exploited in a drive-by-download attack at the Pwn2Own contest this year. Three hackers, Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann, used a combination of an information disclosure bug and a integer overflow flaw to break into a BlackBerry Torch and steal the contact list and the image database. These are the same guys that won last year for hacking the iPhone.
The hack was done on a BlackBerry Torch 9800 running a much older OS 18.104.22.168 but the security researchers say it also works against the latest OS versions. Kind of scary right? The WebKit browser is one of RIM’s first forays into Open Source software on the BlackBerry and this is one of the harder security problems with open source. What is really impressive is that they managed to get past the browser and into the Java virtual machine to extract information. They used the information leakage bug to see parts of the device memory to figure out how to exploit the device.
According to ZDNet, RIM’s security response team was on hand while the hack was going on and their director of security response, Adrian Stone, said he would work to confirm if the vulnerability still exists in the latest OS. Stone had this to say to ZDNet: “It happens. It’s not what you want but there’s no such thing as zero code defects.”
I agree with Stone but it is pretty crazy that the BlackBerry browser was exploited and had no security beyond that. This seems to point to an issue of the BlackBerry having security by obscurity since not many people know the inner workings on the BlackBerry Java virtual machine behind the app layer.
Check out more details on the exploit over at ZDNet. My mind is still reeling from the news and I expect we will be hearing an announcement from RIM soon…