BlackBerry Z10 Security Vulnerability Warning - June 2013

Advertisement

BlackBerry has issued an advisory about the vulnerability in the BlackBerry Protect software, which affects the Z10 Smartphone.users of the BlackBerry® Q10 and Z10 Smartphones, running BlackBerry® 10 OS version 10.0.10.648 and later are not affected. BlackBerry Z10 users running earlier versions of the BlackBerry 10 OS are advised to update to the latest version of the OS, because this will fully protect them against this vulnerability.

BlackBerry Z10 Security Vulnerability Warning - June 2013
Advertisement

“BlackBerry Protect” helps you find your BlackBerry device and protect your device's data if your device is ever lost or stolen.  For more information about “BlackBerry Protect” software, please click here.

In order to exploit the vulnerability, the Blackberry user must have the software "BlackBerry® Protect” turned on, and download a specifically crafted malicious application. Also, the attacker must have physical access to the smartphone.

The vulnerability could allow a malicious application to:

  • Gain the device password if a remote password reset command had been issued through the BlackBerry Protect website.
  •  Intercept and prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe.
  • With the device password and physical access to the smartphone, an attacker can:
  • Access the functionality of the smartphone (including the BlackBerry® Hub, apps, data, and the phone) by unlocking the smartphone.
  • Unlock the work perimeter on a BlackBerry Z10 smartphone that has BlackBerry® Balance™ technology enabled if the work perimeter password is the same as the device password.
  •  Access the smartphone over a USB tether with either BlackBerry Link or the computer’s file viewer, allowing access to the smartphone’s personal files, contacts, PIM data, and so on. The attacker could also access work perimeter content on BlackBerry Balance smartphones if the work perimeter is unlocked and access over a USB tether is allowed by a policy that the IT administrator sets.
  • Enable development mode after accessing the smartphone over a USB , allowing remote access as a low privilege development user.
  • Change the current device password, allowing the attacker to deny access to the legitimate user of the smartphone.
  • Access any other local and enterprise services for which the legitimate user has used the same password as the smartphone’s password.

BlackBerry Z10 owners and IT administrators who deploy BlackBerry Z10 smartphones in an enterprise should update their devices as soon as possible.

How can I find out what version of the BlackBerry 10 OS I am running?

  • From the home screen, swipe down from the top of the screen.
  • Tap  Settings.
  • Tap About, and view the OS Version field in the OS settings.

How to Manually Check for BlackberrySoftware Updates

  • From the home screen, swipe down from the top of the screen.
  • Tap  Settings, then Software Updates.
  • Tap Check for Updates.

For more information about this vulnerability, please click here.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Would you share this article with others?  +

DonateHelp maintain Online Threat Alerts (OTA).

Comments, Questions, Answers, or Reviews

There are no comments as yet, please leave one below or revisit.

To protect your privacy, please do not post or remove sensitive information in or from your comments, questions, or reviews. NB: We will use your IP address to display your approximate location to other users. That location is not enough to find you.

Your comment, answer, or review will be set as anonymous because you are not signed in. An anonymous comment, answer, or review cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

Write Your Comment, Question, Answer, or Review

Recommendation / Advertisement
BlackBerry Z10 Security Vulnerability Warning - June 2013