Known Wi-Fi Vulnerability in BlackBerry 7; Here's How to Fix it - N4BB
Was looking for some news for those of us still on 7.1 and stumbled upon this.
Security Expert Raul Siles from Help Net Security has revealed a vulnerability in all major mobile operating systems, except BlackBerry 10. The vulnerability*exists in the method the devices use to detect and connect to Wi-Fi networks.
Siles says that every time the Wi-Fi of a device is turned on, the device starts checking through 802.11 probe requests for networks on a periodic basis. The probe requests search for networks on the device�s Preferred Network List (PNL), and once an appropriate response is obtained, it tries connecting to the network.
With the way the devices connect to a network, a skilled hacker could create a fake network thereby*capturing a device and manipulate it. The reason being due to the network discovery process is performed by sending out a generic probe request as an open broadcast with specific requests.
�This situation has been known since 2004; Microsoft fixed it for Windows XP in 2007 and recently in Windows Phone devices but it seems the other mobile device vendors are not as concerned,�*says Siles.
The issue does not appear to be prevalent in BlackBerry 10. However, users of BlackBerry 7.x*can resolve the issue by enabling the �SSID broadcasted� option from the advanced Wi-Fi settings of the device.
Vulnerability in OS7
Printable View
- 05-27-13, 08:41 PM93AeroVulnerability in OS7
- 05-27-13, 09:50 PMSEAWARRIOR
good lookin' out,,, where do i enable the settings???
- 05-27-13, 11:38 PMbigsee
"The issue does not appear to be prevalent in BlackBerry 10. However, users of BlackBerry 7.x*can resolve the issue by enabling the “SSID broadcasted” option from the advanced Wi-Fi settings of the device."
Which device, on the router e.g. or on the BB device under sharing WiFi? - 05-28-13, 12:26 AM93Aero
On your Blackberry Bigsee.
No prob SEAWARRIOR...
Manage Connections>Wi-Fi Network>Saved Wi-Fi Networks, you'll see your router # or name you gave to your router. Click on it scroll down and you'll see this;
and then make sure 'ssid broadcasted' is enabled. - 05-28-13, 10:45 AMbigseeOk, thanks! I meant how (and why) can mobile phone broadcasting SSID although I don't use this (or sharing) feature... But thanks one more time, I enabled :yes:
- 05-28-13, 11:00 AMFrankIAm
I just fail to see how this would fix it (if there was even an issue) . Care to explain?
- 05-28-13, 11:11 AMdangerousfen
I just checked and mine was already set. Don't understand how this can solve the issue though?
Sent from my BlackBerry 9900 using Tapatalk - 05-28-13, 07:19 PMSEAWARRIOR^^^this,,, my ssid i keep hidden, (in router settings), anyway,,, my playbook shows it as hidden, my 9850 doesn't,,, by enabling this feature, does it bypass that setting??? my thought is being hidden keeps any would-be hackers @ bay as it *shouldn't* show up on the scanned networks page,,, out of sight, out of mind...
- 06-06-13, 09:19 AMjpaulo604So, is there any way to do this for all the networks on the list instead of one by one ? I have a full list ...
Also on the example above, if someone is using WEP, i believe the problem is deeper than this vulnerability.
JP
