This year's Pwn2Own event is well underway in Vancouver. The yearly event takes the best White hat hackers and challenges them to exploit computers and operating systems so that their vulnerabilities may be shared with the owners of those operating systems in an effort to make them more secure. In previous years, Research In Motion has stood its ground but this year results are now in for BlackBerry. The news however, isn't the best. This year, a BlackBerry Torch running OS 126.96.36.199 was successfully exploited using the long awaited WebKit browser. The browser exploit allowed Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann to gain access to all contact information as well as the image database. Research In Motion's director of security, Adrian Stone was on hand to confirm the exploit and made the following statements about it:
“It happens. It’s not what you want but there’s no such thing as zero code defects,” in addition to that statement Stone also advised that RIM's security team would analyze the date to see if it was a true zero-day flaw and if so, then a fix would created and then rolled out to carrier partners so that end-users get it. This situation of course assumes that it hasn't already been fixed in a later revised OS. But that could not be confirmed at the time.
Given that Research In Motion doesn't use any underlying security in its OS such as ASLR or DEP and others do, it is something that Research In Motion is looking to be adding at a later time. When asked about the security within BlackBerry devices Vicenzo Izzo noted “The advantage for BlackBerry is the obscurity. It makes it a bit harder to attack a system if you don’t have documentation and information," which leads into the fact that WebKit while Open Source, is an Apple derived product with lots of detailed information about it being available to all.
Enter to win a BlackBerry KEY2 LE and prize package from CrackBerry!
New year, new giveaway! Enter to win a BlackBerry KEY2 LE!
Save $150 on the BlackBerry KEY2 from GoTalk
For a limited time, GoTalk has knocked $150 off the regular price of the KEY2 in Silver or Black when you use coupon code KEY2XMAS at checkout.
Twitter announces new controls for conversations, available globally now
Twitter has announced that it is changing the way conversations work on Twitter, bringing more control to users so as to make Twitter safer and more comfortable.