This year's Pwn2Own event is well underway in Vancouver. The yearly event takes the best White hat hackers and challenges them to exploit computers and operating systems so that their vulnerabilities may be shared with the owners of those operating systems in an effort to make them more secure. In previous years, Research In Motion has stood its ground but this year results are now in for BlackBerry. The news however, isn't the best. This year, a BlackBerry Torch running OS 6.0.0.246 was successfully exploited using the long awaited WebKit browser. The browser exploit allowed Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann to gain access to all contact information as well as the image database. Research In Motion's director of security, Adrian Stone was on hand to confirm the exploit and made the following statements about it:
“It happens. It’s not what you want but there’s no such thing as zero code defects,” in addition to that statement Stone also advised that RIM's security team would analyze the date to see if it was a true zero-day flaw and if so, then a fix would created and then rolled out to carrier partners so that end-users get it. This situation of course assumes that it hasn't already been fixed in a later revised OS. But that could not be confirmed at the time.
Given that Research In Motion doesn't use any underlying security in its OS such as ASLR or DEP and others do, it is something that Research In Motion is looking to be adding at a later time. When asked about the security within BlackBerry devices Vicenzo Izzo noted “The advantage for BlackBerry is the obscurity. It makes it a bit harder to attack a system if you don’t have documentation and information," which leads into the fact that WebKit while Open Source, is an Apple derived product with lots of detailed information about it being available to all.
Source: ZDNet
CrackBerry Poll: Are you seeing an increased amount of spam on BlackBerry.net emails?
<a href="http://polldaddy.com/poll/6411845/">Are you seeing an increased amount of spam on BlackBerry.net emails?</a> Looking around the CrackBerry Forums today, I found a few threads where folks mentioned an increased amount of spam on their BlackBerry.net email addresses. Of course, spam on...
RIM Announces Approval of BlackBerry 7 Smartphones for U.S. Department of Defense Networks
Press Release TAMPA, FLORIDA--(Marketwire - May 9, 2012) - DISA Mission Partner Conference -- Research In Motion (RIM) (NASDAQ:RIMM)(TSX:RIM) today announced DoD-wide approval for the use of BlackBerry® 7 smartphones. Working with U.S. Army and Defense Information Systems Agency (DISA) sponsors and partners, BlackBerry 7 smartphones have undergone successful testing through Army labs...
In a world of proprietary and open source software, where does BlackBerry fit?
As I was crawling the Web for BlackBerry news, I ended up at our sister site, Android Central. I stumbled on this interesting article called ”What does 'open' mean to us?”, which discusses the state of open source and its relation to the Android platform. Being a loyal Linux hacker, I simply could not let this slip away – someone going by the name eric6052 commented on the article at...
How Go Talk intends to be the BlackBerry of mobile carriers
Identity theft often goes through an unexpected route: conning the carrier. Go Talk Wireless wants to stamp out SIM swap fraud at the source.