on 6 Dec 2011 10:27 PM
Well that didn't take long. Only a few short hours after RIM released the latest BlackBerry PlayBook OS to help fight off the DingleBerry exploit, the BlackBerry PlayBook has once again been rooted making use of another exploit known by Chris Wade. RIM did in fact patch the previous security matter as suggested in their security article on the matter but where this makes use of a different exploit within the QNX system, it's not as-of-yet known how this one functions.
Source: @cmwdotme
Hilarious! Great job, Dingleberry developers!
I still don't get the big deal with this. First you have to enable developer mode. Then you have to connect the PB using a USB cable to a computer. Then you have to have File Sharing enabled. And then you have to know the PlayBook password. I don't see this as a security vulnerability. More of a tinkering around/having fun with the QNX OS. I guess looking at the bright side, it helped push out an OS update!
Was their confirmation that the security update this afternoon was set out to disrupt the rooting?
Haha oh man that was quick
poor RIM
Why not just hire the guy LOL probably could get features implemented faster than RIM, like the NEVER TURN OFF MY PB OPTION on battery or power.
OS 2 had better be air tight. How can you call this thing "professional grade" with holes like this?
The iPad is in the enterprise space now and it's been jailbroken, I don't think DingleBerry will effect PlayBook.
For DingleBerry to work you need to know the password of the PlayBook and turn on Developer Mode.
He is doing all the hard work finding the exploits and then RIM just has to patch it. It will probably continue until there are no more exploits.
Fantastic! My suggestion would be to keep this exploit a secret and let RIM try to work out what it is. That way, we can continue to enjoy the soon to come many options with a rooted device!
Not quite how it works - once a rooting tool is released - it's pretty easy to monitor how it's doing what it's doing.
These Devs are damn sure hard at work!!! Rim should hire them and put them into some division because they would surely get something done
I do believe he probably had this up his sleeve.He knew rims next move and prepared in advance.This id becoming a chess game and it is very interesting. LETS GO BOBBY FISCHER!!!
l'm enjoying the contest.
Gotta love the differentiated updates QNX facilitates.
Frankly, I don't think the hackers are going to get too far.
This proves nothing.
BB10 is the future of blackberry. Blackberry is known for security as is QNX. It's amazing to me that this can even be happening. If RIM knew about this months ago it should have never been allowed to last over a week.
Governments, big business don't want a product that can be rooted and the security broken. If one person can do it then multiple people can. RIM is going to have to rely more and more on enterprise and governments for cash flow and if the product is broken they wont buy.
If I was one of those Co-CEO's i'd say goodbye security director for the playbook. See ya later
Exactly, why would enterprise or government purchase BBX or PB over iOS or Android devices now. RIM's levy has broken. It will taken on more water. This is not good news for RIM. This will go viral in the biased media against RIM.
Please remember that the Playbook doesn't talk to the NOC, so assuming Blackberry can verify rooted devices it can just elimintate your access to BES/BIS. That's where the real enterprise security is for RIM; anyone can hack any independent device because no system is perfect, but combine that with network verification and it becomes a tad more difficult to maintain.
I don't want my PB rooted but if they continue to root the patches maybe they'll have RIM push 2.0 out the door early with a patches in tac LOL..........hmmm your move RIM :)
I'm not sure what exactly all the implements of rooting your playbook can do but having hulu and netflix is nice. I wonder if this exploit will hold back rim since this is taking people away from their task of pushing os2 out the door.
Can you say RIM will hit their Waterloo?
OK I used the dingleberry release previous to this one and decided I would try a security wipe after a back up of course, and guess what it still keeps OS2.0 beta without downgrading it so I'm assuming if you really want to go back to release 1.08 it will have to be done using DM or am I wrong?
Computer = Hackable
Book = Readable..your point?
well said.
Having these roots come out is just taking developer time away from meaningful OS updates and don't really give you access to anything meaningful. Is there really anything you can't just develop using the NDK that this would allow you to develop? I get that it opens up the gate for an illegal app store, but that's not good for developers or the ecosystem given the lack of current apps.
Exactly. Hope these asses don't delay os2 even longer. If that happens then lets see how pro root you guys are.
RIM's reputation for having a secure OS also goes down the drain by ignoring the problem.
They should do a quarterly security gathering, much like Pown2Own where ladies and gentlemen are allowed to come in to exploit QNX.
Winners get a free Playbook and $10g's, first place gets a trophy for cracking it the fastest.
Once the OS gets harder and harder to crack, up the pot, and media blitz the event.
NEWSFLASH: DingleBerry is STILL a joke. And Chris Wade is STILL a DingleBerry. Zing!
No doubt. Hey wanna root my PC? here lemme give you the FDE password first! lol these guys should be embarrassed.
As a security professional, this is the definition of irresponsible disclosure. The "researcher" should first disclose the vulnerability to the supplier (RIM) and give them an opt to resolve it. This flies in the face of years of responsible disclosure amongst the security community.
See http://en.wikipedia.org/wiki/Responsible_disclosure
This is impressive. These guys are awesome! Congratulations.
LOL!!!!!!! RIM got owned :-)
I have a question? If RIM implemented a icloud based service for all bb products to push out updates will that be more of an ideal resolution to the rooting? Since synching it to a PC opens up its exploit...I was just wondering..its probably why apple went that route to avoid jailbreakin it...then what can the dingleberry team do then? Probably give up at that point especially if those delta updates comes into play then they would be stuck with an outdated OS lol
I was wondering if RIM implemented delta updates and a icloud structure to synching will that be the best solution for the dingleberry exploit? I'm assuming that's why apple did it so it can workaround the jailbreakin, epecially if you wanted to push to the masses enticing updates like PIM, bbm video chat, etc.
theres an even simpler fix for rim to clear this up
bye bye developer mode. its only really needed for developers to load apps for testing the regular consumer really doesn't need it
I would just make it so that with OS 2.0 you can disable developer mode from BES/policy. So consumers can hack the playbook as much as they want, but businesses are confident their playbooks remain secured until RIM can patch any vulnerabilities.
| ADVERTISEMENT |
|
|
The names RIM and BlackBerry are registered Trademarks of Research in Motion Limited.
CrackBerry.com is in No Way Affiliated with Research in Motion Limited.
We take pride in our unbiased content, however do occasionally receive free product from vendors that we review or discuss. For more info click here.
