RIM offers JavaScript workaround for BlackBerry breach

By on
RIM offers JavaScript workaround for BlackBerry breach

RIM has confirmed a security breach in its BlackBerry OS 6.0 software.

The mobile maker advised concerned users and enterprises to switch off JavaScript to mitigate the problem.

The flaw was spotted during last week's Pwn2Own hacker challenge and requires handset users to browse to an infected site designed by the attacker.

According to the Pwn2Own hackers, they were able to steal a contact list and photo cache from an exploited phone. RIM played down the significance of the attack, claiming that the most private data on handsets was safe from the attack because it was stored in unaffected applications folders.

“A successful exploit could allow the attacker to use the BlackBerry browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone,” the company said in a security warning.

“They could not access user data that the email, calendar and contact applications store in the application storage," RIM said. "Exploitation of the vulnerability does not allow access to this part of memory.”

Nonetheless, the breach admission was an embarrassing gaffe for a company that prides itself on tight security - a big selling point for its corporate customers. RIM was quick to add that no attacks had been spotted using the vulnerability in the wild.

As a workaround until the patch is fixed, RIM recommended that concerned users and system admins switch off JavaScript, although the company admitted this would impact usability.

“Users of BlackBerry Device Software version 6.0 and later can disable the use of JavaScript in the BlackBerry Browser to prevent exploitation of the vulnerability,” the company said.

“The issue is not in JavaScript, but the use of JavaScript is necessary to exploit the vulnerability. Turning off JavaScript may impact the ability to view web pages, or result in a diminished browsing experience.”

Turning off JavaScript wasn't as drastic as RIM's second option for keeping the problem at bay, which involved “disabling the BlackBerry Browser”.

This article originally appeared at pcpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © Alphr, Dennis Publishing
Tags:
blackberry breach collaboration javascript networking offers rim software workaround

Partner Content

Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report

Log in

Email:
Password:
  |  Forgot your password?