backtop


Print 12 comment(s) - last by Mitch101.. on Dec 8 at 2:48 PM

Much like Apple, RIM was quickly outwitted by hackers

When an Apple, Inc. (AAPL) iPhone gets hacked, it's no big surprise.  When a Google Inc. (GOOG) Android smartphone gets turned into a slave in a massive botnet, it's an average day on the market.  But when Canadian smartphone maker Research In Motion, Ltd. (TSE:RIM) gets hacked, it's major news, as the devicemaker has built a reputation on underlying rock-solid security.

Questions about the security of the company's recent acquired QNX operating system were raised when a trio of hackers released a tool called Dingleberry, which gave root access to RIM's first QNX tablet, the PlayBook.  The tool allowed users to jailbreak their device -- a process of granting yourself administrative rights on legally purchased devices through atraditional means, as authorized by the Library of Congress's Summer 2010 amendments to the Digital Millennium Copyright Act [PDF] (DMCA).

RIM yesterday confirmed the vulnerability in a Knowledge Base (KB) post, which revealed its origin to be a weakness in QNX's file sharing system.  When the OS interacts with the company's BlackBerry Desktop Software users can manipulate it to achieve an escalation of privileges.

The company quickly pushed a fix down the pipe to users.

But as Apple has unpleasantly experienced in the past, the hackers were one step ahead.  They had already updated the jailbreak tool to still work post-patch.  Hacker "Chris Wade" writes on Twitter:

all firmware are currently jailbreakable

While that claim has not been confirmed definitively, if it's true it looks like it's back to the drawing board for RIM, and more embarrassment from the company who was traditionally a leader in security.

Sources: RIM [Patch Press Release], RIM [KB Security Advisory], Twitter-Chris Wade



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Dumbasses
By JasonMick (blog) on 12/7/2011 5:27:20 PM , Rating: 2
quote:
In our system we have the ability to deny mobile devices that have been jailbroken. Once your on the environment if the user jail breaks the device its then blocked from all communication. Not sure how the system is able to determine it but its in there for both iPhone and Android devices.

Sure, but try explaining to your boss why you rejected his phone for jailbreaking. ;)


RE: Dumbasses
By Bostlabs on 12/8/2011 11:55:48 AM , Rating: 2
Easy enough to do. Just let the Information Security department deal with it.


RE: Dumbasses
By Mitch101 on 12/8/2011 2:48:46 PM , Rating: 2
Call me lucky I have a smart boss who may not know how to do everything we do but knows the limitations and available options. He is also great at mobile devices features and functions. He gets a lot of test devices from carriers and if anything is worth looking at he passes it around. I nicknamed him batman once because he had 5 phones on him one day in a meeting like batman's utility belt.


"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki