
Blackberry releases first security fixes for new Z10 smartphone

13 Jun

Blackberry released two security bulletins yesterday, fixing flaws in its software for the Blackberry Playbook and Blackberry Z10 smartphone.

BSRT-2013-005 affects both the Z10 and the Playbook and fixes vulnerabilities in the bundled Adobe Flash Player.

This raises an important question in my mind, though. Why on earth has Blackberry launched a new mobile operating system with Flash support, knowing full well the number of vulnerabilities and in-the-wild attacks against it?

Apple was first to shun Flash while some Android handset makers bragged about Flash support. For about a month. Then Adobe pulled the plug on its own Android package.

This seemed to have resolved the issue and HTML5 was the winner for mobile interactive content. “Winner by default,” or so I thought.

Now you might think it is a “nice to have” so long as Blackberry keeps it up-to-date and makes it easy to apply to your device. Adobe released Flash fixes yesterday too, right?

While that is true, the Flash fixes released by Blackberry yesterday were from back in January. Yes, they fixed the vulnerabilities described in APSB13-01.

I took a look back at fixes for the Playbook and discovered that Blackberry appears to continuously lag about five months behind.

The company released patches for the November and December 2012 Flash updates in May 2013.

Blackberry also released BSRT-2013-006, fixing a vulnerability in its Blackberry Protect application for the Z10 smartphone.

The vulnerability itself seems extremely difficult for an attacker to exploit:

"Successful exploitation requires not only that a customer enable BlackBerry® Protect™, use the feature to reset the device password, and download a specifically crafted malicious app, but also that an attacker gain physical access to the smartphone."

Nevertheless, there are some very important lessons to be learned from this bulletin.

"Unlock the work perimeter... if the work perimeter password is the same as the device password"

"Access any other local and enterprise services for which the legitimate user has used the same password as the smartphone’s password."

Passwords. It always comes back to passwords. An even more difficult problem on smartphones than it is on desktop and laptop computers.

While Blackberry’s latest OS lets users segregate their work and home lives using “perimeters”, those are only secure if you use different credentials to access each.

Even worse, if you use the same password on your phone, your work perimeter, home perimeter and Active Directory credentials, one mistake brings down the whole house of cards.

It may be highly unlikely that you get compromised as a result of this vulnerability, but it is a good reminder of the importance of using unique passwords for each “role” in your life.


Posted by on June 13, 2013 in Uncategorized

 
