
Vulnerability Affects 2 Billion Devices Including Z10


Two research consultants with Accuvant Labs have discovered a security vulnerability that affects over 2 BILLION phones, including the HTC One M7 and the BlackBerry Z10. The vulnerability, which they will officially present at next week’s Black Hat security conference, involves an open-source device management tool used by many vendors and carriers for OTA updates, remote device wipes, and more. In light of the recent accolades for security that have been heaped on (and trumpeted by) BlackBerry, this is a potential black eye that could affect their comeback if not remediated quickly. Consumers almost expect Android to be insecure these days, but BlackBerry will be crucified in the media for the slightest potential soft spot.

***CAVEAT: Since more specific details have not yet been released by the discoverers, it is currently unknown which Z10 OS versions and/or which carriers are, or were, vulnerable. Since specific iOS version and carrier details *were* published, I felt it safer to assume, for the moment, that a general statement of warning about the Z10 was warranted.

Read the entire article at


14 total comments on this post
  1. Wait, wait, what?

    Z10 only? Not BB10?

  2. reading the comments at mentioned article,
    you should add a ‘?’ to your title.
    No OS Version specified, no Carrier specified yet –
    we should wait for more details

    • The vulnerabilities, they say, were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers.

      Two phones that provided the highest level of exploitation were the HTC One M7 and the Blackberry Z10.

      These statements don’t seem to indicate any question mark. Given that no statements have been made by BlackBerry or any carriers, and the article does specify a specific carrier (Sprint) and certain older iOS versions, it is safer to assume the compromise is still present until confirmed otherwise.

      • but from the description and comments I understood this is a combination of Implementations by Carrier and mobile OS.
        It happens only on Z10, so it’s nothing generic with BlackBerry 10 OS.
        So I’m a bit sceptical whether really all Z10s running all OS versions at all carriers will be affected.
        Before getting more info from BlackBerry or at the Black Hat conference I would still add a ‘?’

        • Understood. More details will be posted as they become available, but the fact remains that, as of now, the BlackBerry Z10 is affected. That is not in question. I will, however, add that caveat to the article. 🙂

    • Right!

  3. Wow!!!

    • Take it with a grain of salt until the facts are revealed. There is a lot of uncertainty here. Why just Z10s (hardware?) not BB 10.2.1, why just some carriers (software?), and why a small number of iOS devices (software or hardware?)? Sounds like a possible hardware & software combination? Might be some propaganda there.

  4. It’s third-party software that causes the vulnerability. It looks like it’s not the BlackBerry OS. But we will see the facts at the Black Hat conference.

  5. Not BlackBerry 10. And in regards to the Carriers in the USA, are they still taking years to update BB10 devices? With newer versions? If so, there you go, problem solved.

    • Ha, that is their specialty. It’s been about half a year since I’ve seen an update from my carrier.

    • Could be that some carriers install software onto some phones that are vulnerable. The ones installed onto some Z10s are at risk. That could easily be addressed by removing some of the carrier add-on apps. We shall soon find out.

  6. how could it only be Z10 and not other bb10 devices?
    how could the Z10 be on top of the mentioned affected list, when we know (being realistic) it hasn’t sold as well as android and ios devices?
    BlackBerry will be forced to answer… Wait until then.

  7. not to forget:
    1. if the Z10 is a BlackBerry Balance device, no software installed by carriers can get data from the work perimeter
    2. because of BlackBerry 10 sandboxes, no carrier-installed software can break the sandboxes and get app-specific data.
    Both look very different on Android or iOS devices 😉

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2018’ BerryReview LLC