Back in June of 2013, the BlackBerry Security Incident Response Team was advised by modzero that a buffer overflow vulnerability was discovered in BlackBerry 10 OS versions earlier than version 10.2.0.1055. As part of the process, the modzero team contacted BlackBerry to reveal their findings and laid out what exactly the issue was. In that time, BlackBerry has issued a fix for this vulnerability, which is included in BlackBerry 10 OS version 10.2.0.1055 and later.
A stack-based buffer overflow vulnerability exists in the qconnDoor service supplied with affected versions of BlackBerry 10 OS. The qconnDoor service is used by BlackBerry 10 OS to provide developer access, such as shell and remote debugging capabilities, to the smartphone.
Successful exploitation of this vulnerability could potentially result in an attacker terminating the qconnDoor service running on a user's BlackBerry smartphone. In addition, the attacker could potentially execute code on the user’s BlackBerry smartphone with the privileges of the root user (superuser).
An attacker can exploit this vulnerability in the following ways:
Over Wi-Fi - In order to exploit this vulnerability, an attacker must send a specially crafted message to the qconnDoor service on a smartphone located on the same Wi-Fi network. The smartphone user must have also enabled development mode on the smartphone before an attack.
Over USB - In order to exploit this vulnerability, an attacker must gain physical access to a smartphone and then send a specially crafted message to the qconnDoor service over USB.
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 7.9. View the linked Common Vulnerabilities and Exposures (CVE) identifier for a description of the security issue that this security advisory addresses. - CVE-2014-1468
If you're running BlackBerry OS 10.2.0.1055 and later, you're no longer affected by this issue and no known attacks using this exploit have been reported. If you're still running an earlier version of BlackBerry 10 then it is suggested that you update your OS as soon as possible. If you do not have any software updates available to you, customers should contact their wireless service provider to request BlackBerry 10 OS version 10.2.0.1055 or later.
Read more
How Go Talk intends to be the BlackBerry of mobile carriers
Identity theft often goes through an unexpected route: conning the carrier. Go Talk Wireless wants to stamp out SIM swap fraud at the source.
Could AphyOS be the BlackBerry 10 successor we’ve been waiting for?
I met with representatives of Apostrophy at CES and received a first look at AphyOS — a new privacy-focused, subscription-based mobile OS that is expected launch later this year.
The Apple Watch Ultra is perfect for more than just fitness buffs
The Apple Watch Ultra is positioned as a smartwatch in a class of its own among Apple's smartwatch lineup, and it's in a class of its own amongst all smartwatches. Here's why we love it!
CrackBerry website migration happening this Saturday - DONE
Today is 2/22/22, which has put the number TWO in my head and made me realize it has been a minute or two since I've updated everyone on CrackBerry 2.0 relaunch progress. To fix that, here's an update starting with two exciting things happening this Saturday: 1. CrackBerry Turns 15! February 26, 2022 marks 15 years since CrackBerry.com officially launched. Seriously, where does the...