Forgot your password?

Black Hat 2013: Sessions on BlackBerry 10 Security, Ultimate Android Root Exploit & iOS Charger Malware

Security Fail

There are some interesting briefings happening at the blockbuster hacker convention, Black Hat 2013, in Vegas at the end of next month. We have all the major mobile OS developers (except Windows Phone) covered by multiple sessions with Android taking the prize. What I found very interesting is a dedicated session by Ralf-Philipp Weinmann who is a postdoctoral researcher at the LACS (Laboratory of Algorithms, Cryptology and Security) of the University of Luxembourg. Here is how he describes his session:


BlackBerry prides itself with being a strong contender in the field of secure mobile platforms. While traditionally BlackBerryOS was based on a proprietary RTOS with a JVM propped on top, the architecture was completely overhauled with BlackBerryOS 10. Now the base operating system is the formerly off-the-shelf RTOS QNX, which doesn’t exactly have an excellent security track record. Moreover, for the first time in BBOS history, native code applications are allowed on the platform.

This talk will present an analysis of the attack surface of BBOS 10, considering both ways to escalate privileges locally and routes for remote entry. Moreover, since exploitation is only half the work of offense, we’ll show ways for rootkits to persist on the device. Last but not least we will settle whether BlackBerry Balance really holds what it promises: are mobile devices really ready to securely separate crucial business data from Angry Birds?

Now that is definitely a session I would love to sit in on though I am not sure if it will have any practical ramifications. The main thing Weinmann is highlighting is that the BlackBerry OS is no longer a black box like the previous models. On the other hand we have quite a few researchers digging into some crazy exploits on Android and iOS. We have one team who is going to detail exactly how to inject malware into iOS devices via malicious chargers. This exploit works on non-jailbroken and jailbroken devices and all current generation devices.

On top of that they have quite a few sessions on Android security issues. The most interesting one is the “Android: One Root to Own Them All” which is essentially a huge security bug that was disclosed to Google in February. It allows any malicious developer to modify an APK install file without breaking the signature and add malicious code. It works on a wide number of Android devices across generations and architectures with little to no modification. This is stressed even further by the Spyphone briefing where researchers are showing off how they can inject a SpyPhone service into any Android application and track the phones location, intercept phone calls, sms, email, contacts, camera, and everything without being detected. There are a few others that are also of interest attacking NAND flash itself and attacking page tables.

Let us know if you will be going to Black Hat 2013!

PS: There is also a great session at the DefCon conference on Defeating the NSA’s SEAndroid which Samsung is using to tout their enterprise readiness and security. Pau Oliva Fora is set to describe how Vendors “FAIL in properly implementing SEAndroid protection.”

Image Credit: Failblog

6 total comments on this postSubmit your comment!
  1. You go and give us the summary please, are we safe???

  2. I have no doubt that they will root BB10 and that’s good news for people who’d rather have rooted devices.
    I suspect Balance is relying heavily on jails or user permissions. which means that if you’re root, you should have access to those files as well.

    And it’s interesting to note that SEAndroid’s problem seems to only be related to its implementation. SELinux is a pretty good extension.

    • It should be an interesting presentation. My guess is that it will be found to have holes but not sure how far up they go.

      Selinux is pretty solid if you configure it right but it’s just a huge bandaid in the Android implementation due to the total lack of security higher up the stack. Google really needs to be the one to address it

      • Well, after today’s earning report, I really hope for their sake that the browser is the only point of entry since it could be easily be fixed via policies on devices containing sensitive data.
        I hear of so many companies changing MDM already, that having a vulnerable OS would only accelerate the pace at which they do.

        If Cynogenmod can fix the apps segregation problem, so could Google, but you’re right, there needs to be a will. I’m willing to bet that 5.0 is going to be huge in terms of architectural changes.

1 pingback on this post

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2018’ BerryReview LLC