1. SlcCorrado's Avatar
    Just saw this article... Rim says it's patched for 2.0 but I am curious if anyone has any more information on this?? Thanks

    RIM Statement on Intrepidous Group Infiltrate Conference PlayBook Vulnerabilities - BerryReview

    RIM Statement on Intrepidous Group Infiltrate Conference PlayBook Vulnerabilities
    by the BerryReview Team on January 12th, 2012 · Leave a Comment
    Posted in PlayBook


    Earlier this morning we were contacted by a rep who wanted to put us in touch with the Intrepidous Group who just gave a speech at the Infiltrate conference (Miami Beach). They claim that they have identified “several high risk vulnerabilities with RIM’s Blackberry Playbook that allows malicious applications to access personal information, contacts, and emails from connected Blackberry phones.” I am still waiting to hear back from them about the vulnerabilities but until then I reached out to RIM to see what they had to say.

    Here is RIM’s response:

    Media Statement: Infiltrate conference
    “The BlackBerry PlayBook issue described at the Infiltrate security conference has been resolved with BlackBerry PlayBook OS 2.0, which is scheduled to be available as a free download to customers in February 2012. There are no known exploits and risk is mitigated by the fact that a user would need to install and run a malicious application after initiating a BlackBerry Bridge connection with their BlackBerry smartphone.”

    In other words it looks like RIM is saying that it is an issue with the current PlayBook OS but would require a user to install malicious software which is not as simple as it sounds. It should be interesting to see how this plays out. I have read some of the intricate details RIM has put into the security of the PlayBook and its Bluetooth bridge connection which makes me wonder what attack vector Intrepidous Group is using.

    Developing…
    01-12-12 12:52 PM
  2. Shao128's Avatar
    Ya not hard to do, someone posted how to do it weeks ago in the PB subforum here.
    01-12-12 12:57 PM
  3. emtunc's Avatar
    You would need to go out your way to side-load a malicious app for this to happen.
    01-12-12 01:00 PM
  4. SlcCorrado's Avatar
    Ya not hard to do, someone posted how to do it weeks ago in the PB subforum here.
    It's not the root hack, if that's what you are referring too... I'm on here pretty often and do not recall any other hacks being mentioned.

    emtunc: It says that right in the article I posted Do you know more about it or no?
    01-12-12 01:10 PM
  5. Superfly_FR's Avatar
    So far I know & remember, it's not a hack, it's just an app that is side-loaded and use some kind of bridge files function.
    SlcCorrado likes this.
    01-12-12 01:17 PM
  6. peter9477's Avatar
    I reported the underlying problem on Sep 30 as https://www.blackberry.com/jira/browse/TABLET-317 (which is probably not public). It was fixed in the internal builds in October, around the time these guys apparently discovered it.

    The latest beta has it fixed, so it's not relevant going forward.
    SlcCorrado likes this.
    01-13-12 09:14 AM
LINK TO POST COPIED TO CLIPBOARD