BlackBerry PlayBook rooted yet again, after RIM security patch issued
By Bla1ze on 6 Dec 2011 10:27 pm
Well, that didn't take long. Only a few short hours after RIM released the latest BlackBerry PlayBook OS to help fight off the DingleBerry exploit, the BlackBerry PlayBook has once again been rooted, this time using another exploit known to Chris Wade. RIM did in fact patch the previous security issue, as described in their security article on the matter, but because this root makes use of a different exploit within the QNX system, it's not yet known how this one functions.
Source: @cmwdotme
XPEH Dec 6, 2011 at 10:28 pm
Hilarious! Great job, Dingleberry developers!
sk8er_tor Dec 7, 2011 at 6:42 am
I still don't get the big deal with this. First you have to enable developer mode. Then you have to connect the PB using a USB cable to a computer. Then you have to have File Sharing enabled. And then you have to know the PlayBook password. I don't see this as a security vulnerability. More of a tinkering around/having fun with the QNX OS. I guess looking at the bright side, it helped push out an OS update!
PlaybookPlayboy Dec 7, 2011 at 11:48 am
yeah, it's hardly a root if you need the password FIRST! rofl. someone needs to go to a SANS training course or two.
Kennedy.L Dec 6, 2011 at 10:30 pm
Was there confirmation that the security update this afternoon was set out to disrupt the rooting?
Pootermobile Dec 6, 2011 at 10:30 pm
Haha oh man that was quick
djgolu123 Dec 6, 2011 at 10:32 pm
poor RIM
ciscobear Dec 6, 2011 at 10:35 pm
Why not just hire the guy LOL probably could get features implemented faster than RIM, like the NEVER TURN OFF MY PB OPTION on battery or power.
Lead_Express Dec 6, 2011 at 10:36 pm
OS 2 had better be air tight. How can you call this thing "professional grade" with holes like this?
Jerky223 Dec 6, 2011 at 11:15 pm
The iPad is in the enterprise space now and it's been jailbroken, I don't think DingleBerry will affect PlayBook.
For DingleBerry to work you need to know the password of the PlayBook and turn on Developer Mode.
borisporosin Dec 7, 2011 at 2:35 am
true for DingleBerry, but there are as well other ways to attack Playbook... stay tuned... ;)
ekafara Dec 6, 2011 at 10:42 pm
He is doing all the hard work finding the exploits and then RIM just has to patch it. It will probably continue until there are no more exploits.
mercenarycat Dec 7, 2011 at 12:59 am
And therein lies the fun. 2600 all the way
portal Dec 6, 2011 at 10:45 pm
Fantastic! My suggestion would be to keep this exploit a secret and let RIM try to work out what it is. That way, we can continue to enjoy the soon to come many options with a rooted device!
wxmancanada Dec 6, 2011 at 10:49 pm
Not quite how it works - once a rooting tool is released - it's pretty easy to monitor how it's doing what it's doing.
Vanti Dec 6, 2011 at 10:50 pm
These Devs are damn sure hard at work!!! Rim should hire them and put them into some division because they would surely get something done
BB_Bmore Dec 6, 2011 at 11:37 pm
I do believe he probably had this up his sleeve. He knew RIM's next move and prepared in advance. This is becoming a chess game and it is very interesting. LETS GO BOBBY FISCHER!!!
shootsscores Dec 6, 2011 at 11:58 pm
I'm enjoying the contest.
Gotta love the differentiated updates QNX facilitates.
Frankly, I don't think the hackers are going to get too far.
pbfan Dec 7, 2011 at 12:28 am
This proves nothing.
CrackBerryTorch9800 Dec 7, 2011 at 12:48 am
BB10 is the future of blackberry. Blackberry is known for security as is QNX. It's amazing to me that this can even be happening. If RIM knew about this months ago it should have never been allowed to last over a week.
Governments, big business don't want a product that can be rooted and the security broken. If one person can do it then multiple people can. RIM is going to have to rely more and more on enterprise and governments for cash flow and if the product is broken they won't buy.
If I was one of those Co-CEO's I'd say goodbye security director for the playbook. See ya later
the_sleuth Dec 7, 2011 at 6:03 am
Exactly, why would enterprise or government purchase BBX or PB over iOS or Android devices now. RIM's levee has broken. It will take on more water. This is not good news for RIM. This will go viral in the biased media against RIM.
DBX00 Dec 7, 2011 at 7:16 am
Please remember that the Playbook doesn't talk to the NOC, so assuming Blackberry can verify rooted devices it can just eliminate your access to BES/BIS. That's where the real enterprise security is for RIM; anyone can hack any independent device because no system is perfect, but combine that with network verification and it becomes a tad more difficult to maintain.
DatBoyHam Dec 7, 2011 at 1:31 am
I don't want my PB rooted but if they continue to root the patches maybe they'll have RIM push 2.0 out the door early with patches intact LOL..........hmmm your move RIM :)
BigBallsB Dec 7, 2011 at 2:01 am
I'm not sure what exactly all the implements of rooting your playbook can do but having hulu and netflix is nice. I wonder if this exploit will hold back rim since this is taking people away from their task of pushing os2 out the door.
KQ17 Dec 7, 2011 at 2:56 am
Can you say RIM will hit their Waterloo?
ksean007 Dec 7, 2011 at 4:00 am
OK I used the dingleberry release previous to this one and decided I would try a security wipe after a back up of course, and guess what it still keeps OS2.0 beta without downgrading it so I'm assuming if you really want to go back to release 1.08 it will have to be done using DM or am I wrong?
mike22 Dec 7, 2011 at 6:55 am
Computer = Hackable
brucep1 Dec 7, 2011 at 10:24 am
Book = Readable..your point?
Bold_until_Hybrid_Comes Dec 8, 2011 at 6:41 pm
well said.
DBX00 Dec 7, 2011 at 7:21 am
Having these roots come out is just taking developer time away from meaningful OS updates and doesn't really give you access to anything meaningful. Is there really anything you can't just develop using the NDK that this would allow you to develop? I get that it opens up the gate for an illegal app store, but that's not good for developers or the ecosystem given the lack of current apps.
netviper Dec 7, 2011 at 8:01 am
Exactly. Hope these asses don't delay os2 even longer. If that happens then let's see how pro root you guys are.
MrFuts Dec 7, 2011 at 10:49 am
RIM's reputation for having a secure OS also goes down the drain by ignoring the problem.
They should do a quarterly security gathering, much like Pwn2Own where ladies and gentlemen are allowed to come in to exploit QNX.
Winners get a free Playbook and $10g's, first place gets a trophy for cracking it the fastest.
Once the OS gets harder and harder to crack, up the pot, and media blitz the event.
joski Dec 7, 2011 at 10:26 am
NEWSFLASH: DingleBerry is STILL a joke. And Chris Wade is STILL a DingleBerry. Zing!
PlaybookPlayboy Dec 7, 2011 at 11:51 am
No doubt. Hey wanna root my PC? here lemme give you the FDE password first! lol these guys should be embarrassed.
canbbguy Dec 7, 2011 at 12:01 pm
As a security professional, this is the definition of irresponsible disclosure. The "researcher" should first disclose the vulnerability to the supplier (RIM) and give them an opt to resolve it. This flies in the face of years of responsible disclosure amongst the security community.
See http://en.wikipedia.org/wiki/Responsible_disclosure
EchuOkan1 Dec 7, 2011 at 12:50 pm
This is impressive. These guys are awesome! Congratulations.
Shlooky Dec 7, 2011 at 12:51 pm
LOL!!!!!!! RIM got owned :-)
landorghini Dec 7, 2011 at 1:05 pm
I have a question? If RIM implemented an icloud based service for all bb products to push out updates will that be more of an ideal resolution to the rooting? Since synching it to a PC opens up its exploit...I was just wondering..its probably why apple went that route to avoid jailbreakin it...then what can the dingleberry team do then? Probably give up at that point especially if those delta updates come into play then they would be stuck with an outdated OS lol
landorghini Dec 7, 2011 at 1:11 pm
I was wondering if RIM implemented delta updates and an icloud structure to synching will that be the best solution for the dingleberry exploit? I'm assuming that's why apple did it so it can workaround the jailbreakin, especially if you wanted to push to the masses enticing updates like PIM, bbm video chat, etc.
mooda Dec 7, 2011 at 1:50 pm
there's an even simpler fix for rim to clear this up
bye bye developer mode. it's only really needed for developers to load apps for testing the regular consumer really doesn't need it
titanjhb Dec 8, 2011 at 6:52 am
I would just make it so that with OS 2.0 you can disable developer mode from BES/policy. So consumers can hack the playbook as much as they want, but businesses are confident their playbooks remain secured until RIM can patch any vulnerabilities.