BlackBerry Has Planned Patches For The Remaining Services That Are Vulnerable From The HeartBleed Bug

Heartbleed.png

The Heartbleed whilst seems to have taken the security industry by storm, somehow, it always seemed to make BlackBerry look bad. Reuters seems to have taken a liking to push BlackBerry into the abyss now, from their misleading news article title earlier, to singling BlackBerry out as the bad guy to patch their service whilst the other platforms are still so vulnerable. Nonetheless, it is just a small portion of available services so, hang in tight!

BlackBerry Ltd said it plans to release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.

Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.

Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.

He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.

“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.

Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.

Some updates are out, while others, like BlackBerry, are rushing to get them ready.

And here you have it. BlackBerry admitting the flaw and getting the patches done whilst the rest… probably don’t know what is going on.

Via Reuters

8 total comments on this postSubmit your comment!
  1. It seems none of the mobile OS were vulnerable, apart from one version of Android, BlackBerry doesn’t really have an edge here.
    Many companies have to update their apps, so BlackBerry is not doing any worse than their competitors.

    BlackBerry has updated their answer:
    http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB35882&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

    but they still don’t mention the part of the infrastructure which was vulnerable…

    This is not very reassuring if the endpoint was compromised:
    “This vulnerability is mitigated by the connection architecture, in that the service only connects to a known and trusted end point.”

  2. Hello Ronin,

    Is it just me or does it appear that BlackBerry is more concerned about Apple and Android security than either of these platforms?

    PS- Chag Sameach

  3. I totally agree Luis, but their lack of action makes it appear they just don’t care.

  4. Very small risk is a risk nonetheless, a compromise by leaving the key in the door or under the mat is the same as long as the person looking for it knows how and where to look.

    P.S.: I couldn’t help notice the GOOD ad at the bottom of the page attacking blackberry…lol

1 pingback on this post

Leave a Reply

Login with:

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2014’ BerryReview LLC