- SlcCorradoBlackBerryJust saw this article... Rim says it's patched for 2.0 but I am curious if anyone has any more information on this?? Thanks
RIM Statement on Intrepidous Group Infiltrate Conference PlayBook Vulnerabilities - BerryReview
RIM Statement on Intrepidous Group Infiltrate Conference PlayBook Vulnerabilities
by the BerryReview Team on January 12th, 2012 � Leave a Comment
Posted in PlayBook
Earlier this morning we were contacted by a rep who wanted to put us in touch with the Intrepidous Group who just gave a speech at the Infiltrate conference (Miami Beach). They claim that they have identified �several high risk vulnerabilities with RIM�s Blackberry Playbook that allows malicious applications to access personal information, contacts, and emails from connected Blackberry phones.� I am still waiting to hear back from them about the vulnerabilities but until then I reached out to RIM to see what they had to say.
Here is RIM�s response:
Media Statement: Infiltrate conference
�The BlackBerry PlayBook issue described at the Infiltrate security conference has been resolved with BlackBerry PlayBook OS 2.0, which is scheduled to be available as a free download to customers in February 2012. There are no known exploits and risk is mitigated by the fact that a user would need to install and run a malicious application after initiating a BlackBerry Bridge connection with their BlackBerry smartphone.�
In other words it looks like RIM is saying that it is an issue with the current PlayBook OS but would require a user to install malicious software which is not as simple as it sounds. It should be interesting to see how this plays out. I have read some of the intricate details RIM has put into the security of the PlayBook and its Bluetooth bridge connection which makes me wonder what attack vector Intrepidous Group is using.
Developing�01-12-12 12:52 PMLike 0 - SlcCorradoBlackBerry
emtunc: It says that right in the article I posted Do you know more about it or no?01-12-12 01:10 PMLike 0 - Superfly_FRRetired ModeratorSo far I know & remember, it's not a hack, it's just an app that is side-loaded and use some kind of bridge files function.SlcCorrado likes this.01-12-12 01:17 PMLike 1
- I reported the underlying problem on Sep 30 as https://www.blackberry.com/jira/browse/TABLET-317 (which is probably not public). It was fixed in the internal builds in October, around the time these guys apparently discovered it.
The latest beta has it fixed, so it's not relevant going forward.SlcCorrado likes this.01-13-12 09:14 AMLike 1
- Forum
- BlackBerry PlayBook Forums
- BlackBerry PlayBook
PB Bridge Vulnerabilities
« Retractable usb cable for charging PlayBook
|
At what percentage is best to start charging Playbook and Torch 9860? »
LINK TO POST COPIED TO CLIPBOARD