Earlier this morning we were contacted by a rep who wanted to put us in touch with the Intrepidous Group who just gave a speech at the Infiltrate conference (Miami Beach). They claim that they have identified “several high risk vulnerabilities with RIM’s Blackberry Playbook that allows malicious applications to access personal information, contacts, and emails from connected Blackberry phones.” I am still waiting to hear back from them about the vulnerabilities but until then I reached out to RIM to see what they had to say.
Here is RIM’s response:
Media Statement: Infiltrate conference
“The BlackBerry PlayBook issue described at the Infiltrate security conference has been resolved with BlackBerry PlayBook OS 2.0, which is scheduled to be available as a free download to customers in February 2012. There are no known exploits and risk is mitigated by the fact that a user would need to install and run a malicious application after initiating a BlackBerry Bridge connection with their BlackBerry smartphone.”
In other words it looks like RIM is saying that it is an issue with the current PlayBook OS but would require a user to install malicious software which is not as simple as it sounds. It should be interesting to see how this plays out. I have read some of the intricate details RIM has put into the security of the PlayBook and its Bluetooth bridge connection which makes me wonder what attack vector Intrepidous Group is using.