Forgot your password?

BlackBerry 10 BES Security Hole Found in Android Runtime Accessing Work Contacts


BlackBerry is working to plug an interesting security hole found by Frank Büttner at ABS Team GmbH in Germany. He had a BlackBerry 10.2.1 device on a BlackBerry Enterprise Server and found that Android apps could access his business secured contacts. These contacts are supposed to be inaccessible from Android apps like Skype since Android Runtime apps are not allowed in the work partition.

This sort of access breaks the BlackBerry Balance model so it is very interesting to see that they only noticed it now after the OS version shipped. BlackBerry has already confirmed that they have fixed the vulnerability and are waiting for carriers to push out the OS update to plug the hole. This is yet another reason why BlackBerry needs to find a way to push out OS updates without carriers.

via (German)

7 total comments on this postSubmit your comment!
  1. Don’t even have 10.2.1 yet.
    Was never a fan of them going the Android runtime route, inevitable to have flaws.

  2. Does this mean there could be a leaked OS floating around somewhere that we have yet to get our hands on? Then again, why [wait for carriers to] push out an OS update when they can just update the runtime in BB World? Or is it an actual OS hole that can be exploited by the runtime?

  3. Fixed in 2142:



BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2018’ BerryReview LLC