[TheScionicMan]

NOW they really need to push this update out:

Hackers can spy on BlackBerry PlayBook connections

Threatpost�s Dennis Fisher explains:

[The weakness] enables an attacker to listen in on the connection between the tablet and a BlackBerry handset. That connection, which is done via Bluetooth in the company�s Bridge application, is designed to allow users to access their corporate email, calendar and other data on the tablet.

[The researchers were] able to locate and grab the authentication token sent between the two devices during Bridge connections and, as an unprivileged user, connect to the PlayBook and access the user�s email and other sensitive information. The key to their finding�is the fact that the PlayBook�s OS puts the authentication token for the Bridge sessions in a spot that is readable by anyone who knows how to find it.

�While the bridge is active, the token is in a place that is essentially world readable. The .all file being in a place that is world readable is the thing that causes the problem with the Bridge sessions,� Lanier said.

UPDATE: Statement from RIM, makers of the BlackBerry PlayBook:

�The BlackBerry PlayBook issue described at the Infiltrate security conference has been resolved with BlackBerry PlayBook OS 2.0, which is scheduled to be available as a free download to customers in February 2012. There are no known exploits, and risk is mitigated by the fact that a user would need to install and run a malicious application after initiating a BlackBerry Bridge connection with their BlackBerry smartphone.�

Hackers can spy on BlackBerry PlayBook connections | ZDNet

[pigdude]

It will only be an issue for you if you are stupid enough to sideload the malicious software to your device......

[howarmat]

people on here sideload stuff all the time. You dont know whats in the code.

[ignites]

well i dont use bridge much anymore anyways (wifi hotspot is preferred/faster)

so it doesnt bother me i dont have any files on my pb just a few games...

but yes rim plug the hole

[kerry6]

NOW they really need to push this update out:





Hackers can spy on BlackBerry PlayBook connections | ZDNet

Hmm....Actually any Bluetooth device..That exploit has been around for years...

The article should read "Hackers can spy on Bluetooth connections"....

But i don't see anyone complaining about the Bluetooth headsets used with all model cell phones currently...Just more bias media at work..

[peter9477]

Hmm....Actually any Bluetooth device..That exploit has been around for years...

The article should read "Hackers can spy on Bluetooth connections"....

But i don't see anyone complaining about the Bluetooth headsets used with all model cell phones currently...Just more bias media at work..

They don't describe the Bluetooth part in detail, so I wonder if it's the same thing you're thinking of. You didn't include a link so I can't compare them.

Note that, contrary to how the article might sound, they're not doing this by sniffing traffic or anything like that. There's a flaw in the PPS subsystem which they noticed, and using that they simply retrieve a token used by the connection, which the PlayBook has stored in the filesystem.

This could be read by any app, quietly and without you realizing it, which is why it's a concern at all. It's not possible to do this without either releasing a malicious app through App World (and I expect they've been checking for this exploit for a while) or sideloading one, which requires physical access to the tablet and its password.

[Pearl9100]

ouch.

10 char