
BlackBerry urges users to disable JavaScript, halt browser in wake of flaws

A dangerous vulnerability affecting the BlackBerry browser can be used to gain access to sensitive data or steal the phone's contact list and image database.

Research in Motion (RIM) is urging customers who use the popular BlackBerry handset to disable JavaScript in their mobile Web browsers.

RIM's concern stems from a vulnerability in the open source WebKit browser, which recently debuted at Mobile World Congress in Barcelona and was exploited in the Pwn2Own hacking contest at CanSecWest in Vancouver, B.C. The team of three (two of whom took last year's competition by breaking into the iPhone) used a browser exploit in conjunction with another vulnerability to steal the phone's contact list and image database, as well as gain remote code execution.

The exploit can also allow access to data stored on a user's media card; however, it cannot grant access to email or calendar data.

The flaw is not in JavaScript itself, but exploiting the vulnerability requires JavaScript. The flaw affects BlackBerry Device Software version 6.0 and later. At the time the advisory was posted, RIM was unaware of any active attacks targeting the vulnerability outside of a test environment.

As a secondary option to disabling JavaScript, RIM suggests disabling the BlackBerry browser.

The phone, a BlackBerry Torch 9800, fell on the same day as Apple's iPhone 4. Both phones were hacked as part of Pwn2Own, a hacking competition held by Austin-based HP subsidiary TippingPoint DVLabs. These two phones, along with many full-fledged browsers and operating systems, fell at Pwn2Own. No one attempted to breach Mozilla Firefox, a Samsung Nexus S running Android 2.3, a Dell Venue Pro running Windows Phone 7 or Google Chrome.
