CrackBerry.com warned Research In Motion about potential exploit on BlackBerry PlayBook in April

By Kevin Michaluk on 5 Dec 2011 07:53 pm EST

DingleBerry Exploit

With DingleBerry now available to gain root access to the BlackBerry PlayBook, we're quickly learning more about how the exploit works. We have a more in-depth post coming up soon, but a big part of that answer was just tweeted out by DingleBerry creator Chris Wade. See the tweet above for explanation.

What's really surprising, funny, interesting, sad and disturbing here is that CRACKBERRY.com actually warned Research In Motion about this exploit back in April, 2011, shortly after the BlackBerry PlayBook was released: 

From: Shao @ CrackBerry
Sent: Friday, April 29, 2011 4:49 PM
To: Research In Motion (names removed)
Subject: PlayBook exploits 

I apologize for directing this your way right now, just didn't know who to send it to. And I'm sure you are aware of some if not all of these issues already. But I thought just to be safe I'd pass them along.

Obviously it's out in the wild about the backup files. Aside from the obvious application structure there seems to be some other potential vulnerabilities such as unencrypted passwords. Also I haven't had a chance to test this yet but thought it was worth mentioning it seems that it might be possible to exploit samba using the config files in the backup. From the looks of it mounting other folders beyond the certificates and media folders should be possible among other things. Once someone has access to that, well you know the rest...

Anyways just thought I'd pass that along in case there were parts not known.

Our forums moderator Shao128 took this issue straight to the appropriate RIM contacts by email (rather than posting publicly about it) so that they would forward it on to RIM security, and Shao128 did receive a reply saying they were discussing it internally and would follow up. So it was acknowledged. There's more to making this exploit work than just what was stated above, but this is a big part of what enabled it (backup causes a reboot, and files like smb.conf are restored from stock at boot time, so there's some other *dark magic* exploiting that process).

But as G.I. Joe would say, knowing is half the battle. And in this case, RIM knew, and chose not to do anything about it.
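The defensive counterpart to the weakness described above, as an added example that is not from the original post or from RIM: before an smb.conf carried in a backup is trusted, check that every share exports only an allowlisted directory. The share names, paths and allowlist below are constructed for illustration.

```python
import configparser
import posixpath

# Constructed sample of a tampered smb.conf from a backup archive. Share names
# and paths are hypothetical and not taken from a real PlayBook.
SAMPLE_SMB_CONF = """
[global]
workgroup = WORKGROUP

[media]
path = /data/media
read only = no

[certs]
path = /data/certs

[extra]
path = /data/media/../..
guest ok = yes
"""

# Hypothetical policy: the only directory trees a share may export.
ALLOWED_ROOTS = ("/data/media", "/data/certs")
SPECIAL_SECTIONS = {"global", "homes", "printers"}


def audit_shares(conf_text, allowed_roots=ALLOWED_ROOTS):
    """Return {share_name: [problems]} for shares that break the policy."""
    # interpolation=None: smb.conf uses %-macros such as %U, which configparser
    # would otherwise try to expand; strict=False tolerates duplicate keys.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(conf_text)
    findings = {}
    for share in parser.sections():
        if share.lower() in SPECIAL_SECTIONS:
            continue
        problems = []
        raw = parser[share].get("path", "")
        # Lexical normalisation collapses "..", but does not resolve symlinks.
        path = posixpath.normpath(raw) if raw else ""
        if not any(path == r or path.startswith(r + "/") for r in allowed_roots):
            problems.append(f"path {raw!r} is outside the allowed roots")
        if parser[share].get("guest ok", "no").strip().lower() in ("yes", "true", "1"):
            problems.append("guest access is enabled")
        if problems:
            findings[share] = problems
    return findings
```

A restore routine would reject the archive, or fall back to the stock file, whenever `audit_shares` returns a non-empty result.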

27 comments

Jake Storm

I don't get it.
Why was Shao warning RIM about this? Is it a bad thing?
If it's bad, why does Crackberry have 4 articles promoting it on the front page of the site?

pkcable

CB reports good and bad! That's what a blog does! We are reporting what is hot in the world of BB, and right now that's rooting the PlayBook.

djtaube

The idea behind reporting this to RIM is because they would be interested in securing their device from exploits. Exploits that, in this case, allow for rooting may lead to customers' data being accessed by malicious people.

It is similar on the other mobile platforms where devices are rooted to allow for unverified apps to be installed, but one runs the risk of those apps actually being a form of malware.

TeaBoy

Let's see what crackberryworld can do with this dingleberry thing, RIM knows the only way to win this war is let it be ROOTED!

ayekon

For once... I'm glad someone is still sipping coffee over this...

Style + Playbook 64gb

pipotobe

This is unbelievable. Crackberry Kevin should be the RIM CEO. I have a feeling he would take an email like this a bit more seriously. RIM wake up!!!!!

Steve Rizla

So, you would fire the CEOs because two other employees didn't forward their emails to the proper engineer?

stormsurvivor

So this means anyone with a rooted pb can now get source code of any app on the device because the bar files of the apps are just the source code in text and not encrypted or compiled???

papped

You could already extract the .bar files from the PB backups, so rooting doesn't really have much to do with that.

Mr.Conviviality

I wish I understood what any of this meant.

Does this mean I have to buy an iPad now?

thecsman

Yeah, go ahead, spend $400 more on a device that can be jailbroken just by opening a page in the browser. :D

jayemmbee

Haha ima go on a limb and say a rooted playbook is still more secure than an iPad jailbroken or not

trsbbs

You can lead Jim and Mike to water but I'll be damn'd if they didn't drown.

No matter how you crack it, the boss(s) is/are the one(s) to shoulder the good and the bad.

Too many missteps, missed deadlines, lies, broken promises, continued bad execution and followup from the top on down.

Even the blind can see a pattern here.

Tim

Jake2826

M.K. and T.L. no workyyyy at RIMyyyy no more if it's any consolation Kevin.

BB_Bmore

If I did not already own a playbook, news like this would make me want to go get one. Enterprise users aside, this is what people want with their phones and tablets... control!!! I would even venture to say that RIM also understands this and possibly even wanted the playbook jailbroken or rooted... whatever. It's good for sales and sales is what RIM needs. I imagine the playbook 4g will be the true enterprise tablet. This playbook however is for exactly that... PLAY!!! Happy hacking devs, can't wait to enjoy the fruits of your labor! :D

w0qj

OK, so RIM/BlackBerry was warned just weeks after the PlayBook was released that a root exploit is possible... and RIM did nothing? Am I mistaken?

dasDestruktion

You're not, but honestly what do you expect from RIM lately?

ldcmobile

I know it's sad, but why would RIM care if there's a root for the PlayBook, when there were only like 200K in the wild?

dasDestruktion

Are you kidding? This is their darling OS that will "save" them (ie be put on phones) that is (at least for now) insecure.

moa999

Not surprising - RIM is not exactly moving forward quickly with anything on the playbook.

It took two months for the patch to come out fixing Daylight Savings Time.
(I had mine set on Vladivostok rather than Sydney)

When the same thing happened to the iPhone a few years ago, patch was out within 24hrs.

OS2 Beta - Remove the tab names and switch to a 3 rather than 5-card carousel... wow groundbreaking.

The Me

Hate to break it to you, actually, not really, anyways, OS2 is a lot more than that. It has to do with native email, calendar... (I hope notes and others) as well as an also improved browser, more optimisations, native facebook, twitter and linkedin integration and a lot more background stuff going on.

I missed a lot but I'm not beta testing...

This is their future BBX lineup.
Tablet OS going on to a phone, VS what others are doing... Phone OS going to a tablet.

Boom! Revolution!

Kiddo2050

Dingleberry... yawn...

Unless by rooting you can come up with an OS that is better than 2.0, 99.99% of PB/BlackBerry users will NOT be interested.

Dingleberry team instead of doing something totally f-ing useless why not use your skills to write an App that allows us to mark up and save PDFs, that is ten times more useful than the stupid f-ing exploit you've done.

Crackberry.com why not write 4 articles on the best Android apps that will be useable under 2.0. Probably about a thousand times more useful than your 4 posts on Dingleberry crap.

sk8er_tor

Funny but true. Four posts about the same thing and I wish we could do something with it.

Rootbrian

They're overlooking the comments. Don't get the hammer... Lol

Dark_Halmut

To be honest I would have likely skimmed this email. You're too apologetic and beating around the bush. When filing a bug or security hole say it how it is. Make it scary.