As fixes for the KRACK vulnerability continue to be rolled out, BlackBerry has now posted their official update highlighting the impact of KRACK on BlackBerry products. All in all, the security notice doesn't state much of anything new but it does indeed confirm updates for BlackBerry smartphones powered by Android are rolling out, some of which have already been received, and others are forthcoming.

Summary of impact on BlackBerry products

BlackBerry powered by Android smartphones

BlackBerry investigated the impact to its products and determined that BlackBerry powered by Android smartphones are affected by the following vulnerabilities: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.

An updated software build to remediate these issues has been included in BlackBerry powered by Android builds identified by the Build numbers AAQ280, AAQ281, or AAQ289.

  • For customers with BlackBerry powered by Android smartphones purchased through ShopBlackBerry.com, BlackBerry has begun making the fix available and will continue to deploy builds as they become available.
  • For customers with BlackBerry powered by Android smartphones not purchased directly from BlackBerry, please consult your carrier or licensed manufacturer.

BlackBerry Enterprise products

Our enterprise solutions, including BlackBerry UEM, BlackBerry Dynamics, BBM Enterprise or BlackBerry Workspaces do not assume that the network used to carry the data is trustworthy, and therefore a weakness in the Wi-Fi protocol used as part of that network does not impact these solutions. Further, communication between UEM and devices is protected by additional layers of encryption. Please see Protecting data in transit in the BlackBerry UEM Security Note.

Actions for customers

BlackBerry recommends that all users of BlackBerry powered by Android smartphones should update to a build that contains the fix, as identified above, as soon as it is available. There is no action necessary for users of BlackBerry UEM, BlackBerry Dynamics, BBM Enterprise or BlackBerry Workspaces.

As noted, the updated builds being sent out are AAQ280, AAQ281, and AAQ289 starting with the October security update, so you can check your device for updates now and see if it's there. If not, you'll just have to hang tight for now they'll start rolling out through the month of November once Google also pushes their monthly security updates.

BlackBerry response to the impact of the vulnerabilities known as KRACK on BlackBerry products

Thanks, deremi!