Print 12 comment(s) - last by Mitch101.. on Dec 8 at 2:48 PM

Much like Apple, RIM was quickly outwitted by hackers

When an Apple, Inc. (AAPL) iPhone gets hacked, it's no big surprise.  When a Google Inc. (GOOG) Android smartphone gets turned into a slave in a massive botnet, it's an average day on the market.  But when Canadian smartphone maker Research In Motion, Ltd. (TSE:RIM) gets hacked, it's major news, as the devicemaker has built a reputation on underlying rock-solid security.

Questions about the security of the company's recent acquired QNX operating system were raised when a trio of hackers released a tool called Dingleberry, which gave root access to RIM's first QNX tablet, the PlayBook.  The tool allowed users to jailbreak their device -- a process of granting yourself administrative rights on legally purchased devices through atraditional means, as authorized by the Library of Congress's Summer 2010 amendments to the Digital Millennium Copyright Act [PDF] (DMCA).

RIM yesterday confirmed the vulnerability in a Knowledge Base (KB) post, which revealed its origin to be a weakness in QNX's file sharing system.  When the OS interacts with the company's BlackBerry Desktop Software users can manipulate it to achieve an escalation of privileges.

The company quickly pushed a fix down the pipe to users.

But as Apple has unpleasantly experienced in the past, the hackers were one step ahead.  They had already updated the jailbreak tool to still work post-patch.  Hacker "Chris Wade" writes on Twitter:

all firmware are currently jailbreakable

While that claim has not been confirmed definitively, if it's true it looks like it's back to the drawing board for RIM, and more embarrassment from the company who was traditionally a leader in security.

Sources: RIM [Patch Press Release], RIM [KB Security Advisory], Twitter-Chris Wade

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Dumbasses
By JasonMick on 12/7/2011 12:14:06 PM , Rating: 2
These execs should learn that Jailbreak is not the end of the world but generally spurs sales of the product. Im not saying rim should turn a blind eye but should take a hard look at how many devices sold before and after the jailbreak then decide how soon they want to fix the issue. I know the Playbook has been one of the worst selling devices and a jailbreak might just get the device out there. I know a lot of people who wont buy the device until its jailbroken. Just saying.

Allow an easy jailbreak is definitely a good thing for home users and a selling point for intelligent DIY home user. (Just ask Google!)

That said for corporate IT departments, they represent the risk of losing what little administrative control they had over their device. Ultimately, in this case the device in question is more of a consumer toy and likely not going to see much serious business traction.

Where RIM has to worry is with the upcoming BBX OS for its smartphones. If QNX has these kinds of vulnerabilities, the QNX-derived BBX will likely have them as well. Given the high levels of corporate use of Blackberries, this is a serious issue, and could impact sales.

Currently businesses buy BlackBerries not just for their functionality, but for their security OS and services. If the security advantage starts to erode, RIM may see itself losing the core corporate business that has sustained it in the face of struggling sales in the fickle consumer market.

For that reason it's very important to RIM's bottom line to keep jailbreaks/rooting OFF QNX/BBX, even if that is unwelcome news for DIY non-corporate users.

"The Space Elevator will be built about 50 years after everyone stops laughing" -- Sir Arthur C. Clarke

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki