
The race is on to buy Blackberry, and companies apparently interested in owning part or all of the mobile phone company include Google and Cisco, with Blackberry itself allegedly hoping for bids from Intel, LG or Samsung.

But whoever gets it, gets it warts and all, because only a few months ago Blackberry had to issue a critical security vulnerability warning for the Blackberry Z10 smartphone.

Apparently, the vulnerability potentially allows a hacker to modify or edit data on a stolen BlackBerry Z10 smartphone using the Blackberry Protect technology.

Blackberry Protect is software that is supposed to help users delete sensitive files on a lost or stolen smartphone, or recover them if the device is lost. But the firm stated: “An escalation of privilege vulnerability exists in affected versions of Blackberry Z10 smartphones. Under specific conditions, this vulnerability could allow a malicious app to take advantage of weak permissions on a Blackberry Protect object.

“Taking advantage of the weak permissions could allow the malicious app to gain the device password if a remote password reset command had been issued through the Blackberry Protect website, [or] intercept and prevent the smartphone from acting on Blackberry Protect commands, such as a remote smartphone wipe.”

Fortunately, the vulnerability only affects the Z10, and no known viruses or malicious apps currently take advantage of it.

Owners of the Blackberry Z10 would be wise to update software on their devices and to not enable Blackberry Protect until they have done so.

We wonder whether Blackberry holds ISO 27001, showing a commitment to data security. If it doesn’t, then the new owner – be that Google, LG or Samsung – might like to consider it. Part of the ISO 27001 process is a thorough risk assessment and it seems that the Blackberry Protect technology posed a risk.
