Blackberry Issues Critical Security Advisory

by Jeff Wiener on June 20, 2013

It’s a case of same garbage, different pile for the once great Blackberry, as the company issued a security advisory notice for all those who purchased the company’s Z10 smartphone, the first of its revamped flagship Blackberry 10 series. It is a major setback for a company looking to once again corner the security-conscious enterprise market.

The advisory noted a “critical” vulnerability in the phone’s security and backup firmware, Blackberry Protect, warning that “an escalation of privilege vulnerability exists in the software of some Z10 phones that could allow a malicious app to ‘take advantage’ of weak permissions in the in-built security software.” With such permissions, a hacker could gain control of the device’s password, subsequently intercepting and preventing any attempts to wipe the device.

While Blackberry claims that this bug is “not currently being actively exploited,” it points to yet more problems with the struggling Waterloo mobile company, as the last thing Blackberry needs is more speed bumps on its road to recovery.

Mistakes happen, I think we can all accept that, but Blackberry seems to have a knack for making the kind of mistakes that the mobile consumer base simply can’t forget. Whether it’s the long-delayed release of its new OS, widespread outages across the Blackberry network, or the fact that the company’s first phone in its revival bid contains a critical security bug that could have huge negative implications for enterprise customers, the company’s mistakes seem to be bigger than most and have simply the worst timing possible.

But that said, let’s give Blackberry credit for recognizing the problem and solving it quickly, before some unfortunate business had its employee Blackberry phones hacked and critical information stolen. Had that happened, it’s doubtful Blackberry would ever see another enterprise customer again.

As mentioned, the vulnerability exists in the company’s security and backup firmware, Blackberry Protect, and so doesn’t actually involve the phone’s operating system (score one for Blackberry 10), but through exploiting this bug, a hacker could gain complete control over one’s device, with the user helpless to do anything about it.

According to the advisory, all Z10 owners and IT administrators employing the Blackberry smartphone on their networks should update the firmware immediately, particularly now that Blackberry has let all the hackers in the world know that the bug exists. Devices that are running BlackBerry 10 version 10.0.10.261 are affected by this bug; version 10.0.9.2743 is safe, and so is the recent BlackBerry OS 10.1 update.

While I’m always willing to forgive a mistake, especially from a homegrown company like Blackberry, it’s getting increasingly difficult to support a company that, even on its road to recovery, makes far too many of them. In fact, while such a security flaw would likely be a minor story for a company like Apple (who might not even admit such a flaw and simply fix it with a prompt firmware update), for a company like Blackberry it comes across as one more nail in the coffin, not good news for a business looking to escape such confines before it’s dead and buried.


Joe Smith July 16, 2013 at 1:31 pm

Wow, talk about a biased opinion based on little to no factual data.

Here’s an example: “Had that happened, its doubtful Blackberry would ever see another enterprise customer again”

I guess by that logic those same enterprise customers would’ve dumped Windows, or Oracle years ago.
