Early last week, Armis Security published the details of a new Bluetooth exploit called BlueBorne. At the time the vulnerability was announced, Apple, Google, and Microsoft all patched the exploit and for Android, the fix was issued with the September security patch. For their part, BlackBerry has investigated the impact of the collection of vulnerabilities on BlackBerry products and issued a security notice outlining the details of any impacted BlackBerry products.

Summary of impact on BlackBerry products

BlackBerry powered by Android smartphones

BlackBerry has previously investigated the impact to its products and determined that BlackBerry powered by Android smartphones were affected.

In response to the issues detailed in the Android Security Bulletin—September 2017, an updated software build to remediate these issues has been included in the September Security Maintenance Release (SMR). The updated software build can be identified by an Android security patch level of September 1st 2017 or later and is available as follows:

  • For customers with BlackBerry powered by Android smartphones purchased through ShopBlackBerry.com, the September SMR is available.
  • For customers with BlackBerry powered by Android smartphones not purchased directly from BlackBerry, please consult your carrier or licensed manufacturer.

BlackBerry 10 smartphones

BlackBerry has investigated the impact to its products and determined that BlackBerry 10 smartphones are not affected.

BlackBerry OS smartphones

BlackBerry has investigated the impact to its products and determined that BlackBerry OS smartphones are not affected.

BlackBerry products running on affected platforms

The vulnerabilities known as "BlueBorne" are a collection of issues with the implementation of Bluetooth on a variety of software platforms. Several BlackBerry products are installed on the affected platforms:

  • BlackBerry UEM and UEM clients
  • BlackBerry Workspaces and Workspaces clients
  • BlackBerry Dynamics

These products are not directly affected and are designed to provide best possible security even on a compromised platform, however BlackBerry products rely on the operating system for some functionality. As such, any vulnerability in the underlying operating system could pose potential risk to any application installed on a compromised system. Sensitive data is encrypted in transit and at rest by design.

QNX products

BlackBerry has investigated the impact to its products and determined that no QNX products are shipped with an affected Bluetooth stack.

As you can tell from looking at the list, the impact on BlackBerry products has been minimal but there is a chance that some Android powered BlackBerry devices out there will be impacted until the September SMR becomes available for all devices. If you're looking to learn more about BlueBorne, you can check out the original details on the Armis site or check out this post on Android Central which digs into the details in more understandable terms.

Read the full security notice via the BlackBerry Knowledge Base