BlackBerry 10 BES Security Hole Found in Android Runtime Accessing Work Contacts

BlackBerry is working to plug an interesting security hole found by Frank Büttner at ABS Team GmbH in Germany. He had a BlackBerry 10.2.1 device on a BlackBerry Enterprise Server and found that Android apps could access his secured business contacts. These contacts are supposed to be inaccessible to Android apps like Skype, since Android Runtime apps are not allowed in the work partition.

This sort of access breaks the BlackBerry Balance model, so it is very interesting to see that they only noticed it now, after OS version 10.2.1.537 shipped. BlackBerry has already confirmed that they have fixed the vulnerability and are waiting for carriers to push out the OS update to plug the hole. This is yet another reason why BlackBerry needs to find a way to push out OS updates without carriers.

via Heise.de (German)

7 total comments on this post
  1. Don’t even have 10.2.1 yet.
    Was never a fan of them going the Android runtime route, inevitable to have flaws.

  2. Does this mean there could be a leaked OS floating around somewhere that we have yet to get our hands on? Then again, why [wait for carriers to] push out an OS update when they can just update the runtime in BB World? Or is it an actual OS hole that can be exploited by the runtime?

  3. Fixed in 2142:

    access_pimdomain_enterprisecontacts
    deny sys.android.*

    😀

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2016’ BerryReview LLC