Way back in April we pointed out some of the documentation RIM provided on the security features of the BlackBerry PlayBook. Those security features were put to the test by penetration testers working for NGS Secure, who poked and prodded both actual PlayBook devices and the simulators and confirmed the devices' security.
I did love some of the lines from the first part of the report, which was just released, like:
"Although Neutrino is similar in many ways to a traditional UNIX environment, the QNX microkernel is substantially different from the monolithic Linux kernel."
Other stuff I found more interesting, like the fact that early versions of the PlayBook simulator ran every application as root, but that has changed and now each app is assigned its own user and group for sandboxing. Also worth noting is the fact that the upd account is right behind root in terms of access to the system. On the other hand, most people, like developers, will be relegated to the devuser, which has very few privileges. NGS also tried mounting the file system and didn’t have much luck. On the other hand, they found that the PlayBook runs NetBSD’s Bozotic HTTP server, which is running as root, which is odd… They found some interesting files through this web server but only managed to get them to crash the device. They also managed to make the device stop responding with a specially crafted HDMI fuzzer, but once again nothing useful was gained from that. NGS also harped about the PlayBook allowing unsigned code in development mode, but nothing much came of it.
The report is quite interesting if you want to learn about the attack surface of the PlayBook or simply what you can try to use to compile your own code or learn more about the OS. Check out the full PDF report on this page or directly at this link.
Thanks to everyone who sent this in!