Print 10 comment(s) - last by retrospooty.. on Dec 1 at 2:48 PM

RIM vows to patch the security hole, if it is confirmed

The BlackBerry PlayBook is veteran Canadian smartphone maker Research in Motion, Ltd.'s (TSE:RIM) first crack at a modern tablet.  And with surprisingly solid hardware, access to Android's massive app catalog, and certain semi-exclusive high profile app titles (e.g. Dead Space) the PlayBook is a pretty attractive option.

Unfortunately it's just become a blemish on RIM's generally outstanding security record, if recent reports prove true.  Reportedly the PlayBook has been rooted by three OS hackers, whose handles are xpvqs, neuralic, and Chris Wade.   The hackers first announced their success on Twitter, then posted a video of the running exploit:

I. New Exploit Reportedly Works Across All Current QNX Versions

The alleged exploit used by the PlayBook hackers was dubbed "DingleBerry" -- a semi-profane slang term -- perhaps a disturbing play on the nickname "CrackBerry".

The BlackBerry PlayBook [Image Source: RIM]

According to the creators it works both with the beta preview channel build of the PlayBook's QNX operating system, and for all released versions.  It gives you privileged access to the core operating system files.  And it persists between updates.

There is some interest in using the root to perform a full-fledged port of Android to the PlayBook, perhaps in a dual-boot configuration with QNX to retain access to the core BlackBerry services.

RIM told Reuters that they are investigating the rooting incident and will issue a patch if indeed the vulnerability is real.

II. To Root or Not To Root

In the word of security vulnerabilities, there's all sorts of levels of severity, but the most serious is a vulnerability that grants the user super-user/"root"-level privileges in a operating system.     If a malicious attacker gains root access they can compromise all sorts of private data and personal interactions on a device, typically for financial gain.

On the other hand using vulnerabilties to root phones allows customers to overcome carrier and OEM restrictions placed on a device (i.e. "jailbreak" a device).  For example, rooting an iPhone allows you to install wallpapers rather than face the same old boring black screen, which Apple, Inc. (AAPL) mandates).

Some companies like Google Inc. (GOOG) and Microsoft Corp. (MSFT) have taken a tolerant approach [1][2] to rooting/jailbreaking.  Their basic premise is that if they allow savvy developers to find a certain "back door" with the promise of non-disclosure, then non-malicious hardware hackers will spend less time searching for vulnerabilities, less vulnerabilities won't be published, and malicious hackers may not have any easy path to root action.

Apple, on the other hand, has actively fought rooting efforts [1][2][3] by non-malicious jailbreakers as they represent a threat to its revenue stream by allowing third party non-App Store applications, which Apple doesn't get a cut of the revenue from.

RIM hasn't had to practice either approach for the most part, as its platform has been tightly secured.  And these days the company's waning popularity also helps lessen users' interest in rooting its device.  Along with other features, like enterprise-quality encryption on the core services, RIM has buillt up a reputation for fine mobile security.  That reputation has been a major selling point of BlackBerries in the corporate atmosphere.

Sources: YouTube, Reuters

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By name99 on 11/30/2011 8:12:26 PM , Rating: 0
Unfortunately it's just become a blemish on RIM's generally outstanding security record

So when RIM prevents rooting, DailyTech accepts that it's a legitimate part of security.
When Apple does it, that's part of Apple's attempts to steal our freedom.

Glad we cleared that up.

RE: Hmm
By amanojaku on 11/30/2011 9:34:43 PM , Rating: 2
You make an interesting point. However, I think Jason was referring to RIM's ABILITY to secure things, not the ETHICS of it. RIM's security being broken undermines its reputation, even if the exploit has nothing in common with the security of BES. It would be similar to Steve Jobs wearing a suit: he would not have appeared as the everyman, which was part of his appeal, and extended to Apple's products.

RE: Hmm
By retrospooty on 12/1/2011 7:17:07 AM , Rating: 2
I'd say the fact that it took this long to be be rooted is a pretty good effort on security. Most devices are hacked within days of release, if not hours.

"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki