RIM Responds to iPhone 4S Hackers' Claims at Pwn2Own

WebKit branch Change Timeline

We told you yesterday about a group of Dutch security researchers from Certified Secure who hacked the iPhone 4S and iOS. They used a WebKit exploit that chained a zero-day vulnerability with a few other techniques to access the address book, contacts, photos, videos, and browsing history of any user who visited the website. This exploit worked in iOS 5 and the iOS 6 Gold Master beta and also works on the iPad, iPod Touch, and iPhone 4. These same security researchers then went on to say that BlackBerry devices are much easier security targets than the iPhone or even Android.

I doubted their claims due to lack of any proof but decided to reach out to Adrian Stone, RIM’s Director of BlackBerry Security Response, for a statement. Here is the official statement we received:

“Mobile Pwn2Own provides a safe environment for researchers to demonstrate their work and a valuable opportunity to collaborate with the security community. RIM products are designed, manufactured and supported by a robust security architecture that helps protect our customers and their information. By using a multi-layered approach to security, the BlackBerry platform offers customers industry-leading, third-party certifications, advanced encryption, 24/7 security response team and unparalleled enterprise management capabilities. As the mobile threat landscape evolves, our unwavering commitment to end-to-end security and innovative research will ensure we continue to provide the unique level of protection our customers have come to rely upon.”

While it is not a resounding “no, the BlackBerry browser is secure,” it goes to show that RIM is actively engaging security researchers. They even sponsored the Pwn2Own event that led to this hack being unveiled. RIM has been bitten by WebKit open source browser vulnerabilities in the past, so it could be that we will see OS updates rolling out for it shortly. Either way, I am very curious to see what security features RIM is baking into BlackBerry 10 to ensure they are ready for the next 10 years of threats.

10 total comments on this post
  1. Yep, it's of interest to everyone to balance function and security.

  2. I hope BB10 fixes what seems to be an outdated browser in terms of security.

  3. I think these guys are full of shit. iPhone better security, really? Who paid them to say that? Even if the WebKit had holes, RIM would have secured it by now. Obama, for god's sake, uses the phone; that shit has to be tight. You're telling me he never uses the browser on his phone? Also, I'm sure once BB10 is not going straight to the internet but going to the nook first we will be ok.

  4. That statement is a smokescreen.
    RIM need to come clean or prove the exploit doesn’t work or someone might make them look bad…again.

    • yeah I was hoping for more too though who knows. I know that at least for BlackBerry smartphones the browser runs as a user process so it only has access to the memory card and not to other things like this hack has shown access to the contacts and email.
      On the other hand I remember when the PlayBook had the webkit vulnerability they said that if you opened up a vulnerability executing email then it would be able to do RCE (remote code execution) in the context of the messages app

      • Indeed and that’s why I was hoping RIM would say something along the line of: “Yes, our webkit implementation is old and you can poke holes through it, but it doesn’t give you access to user data like on iOS and Android”.

        But as you’ve mentioned, we’ll find out soon enough if it applies to BlackBerry devices, since I doubt they’ll leave this one open given their customers’ list.

        Regarding the messages app’s context, a webkit exploit could maybe give you access to contacts, texts and emails since it’s a unified inbox…

  5. Yeah, it was a bit of a generic response. It definitely would have been better had they talked specifically about Ronen’s question. I am still very skeptical of the hackers' claims though.

  6. Do you have by chance a Hebrew calendar for BB 9780 with overseas entries? Cannot use the iPhone
