
BlackBerry urges users to disable JavaScript, halt browser in wake of flaws

Ryan Cloutier, Contributor

Research in Motion (RIM) is urging customers who use the popular BlackBerry handset to disable JavaScript in their mobile Web browsers.


RIM's concern stems from the exploitation of a vulnerability in the open source WebKit browser, which recently debuted at Mobile World Congress in Barcelona, and was exploited in a hacking contest at CanSecWest's Pwn2Own competition in Vancouver, B.C. The team of three (two of whom took last year's competition by breaking into the iPhone) used a browser exploit in conjunction with another vulnerability to steal the phone's contact list and image database, as well as gain remote code execution.

The exploit can also allow access to data stored on a user's media card; however, it cannot grant access to email or calendar data.

The flaw is not within JavaScript itself, but JavaScript is required to exploit the vulnerability. The flaw affects BlackBerry Device Software version 6.0 and later. At the time the advisory was posted, RIM was unaware of any active attacks targeting the vulnerability outside of a test environment.

As a secondary option to disabling JavaScript, RIM suggests disabling the BlackBerry browser.

The phone, a BlackBerry Torch 9800, fell on the same day as Apple's iPhone 4. Both phones were hacked as part of Pwn2Own, a hacking competition held by Austin-based HP subsidiary TippingPoint DVLabs. These two phones and many other full-fledged browsers and operating systems fell at Pwn2Own. No one attempted to breach Mozilla Firefox, a Samsung Nexus S running Android 2.3, a Dell Venue Pro running Windows Phone 7 or Google Chrome.

