1. chaosdivine's Avatar
    Earlier this year the folks at Bluebox Security discovered a vulnerability affecting nearly any device running Android 1.6 or later. The company alerted Google, and eventually let the public know (links to BlueBox.com and the related article).

    This week Google confirmed that it’s sent a security patch to partners (links to Zdnet.com and the related article), but it’s up to individual device makers to update the software for the phones, tablets, and other devices already in the wild — and it’s likely that some older models will never see official updates.

    So do you think that this affects the PlayBook and it's Android Player layer? If so, do you not think that BlackBerry MUST update at least this aspect of the PlayBook? Otherwise there may be a "security issue" with our PlayBooks.
    Last edited by chaosdivine; 07-10-13 at 10:04 PM. Reason: made it clear that there's links to other sites
    07-10-13 10:00 PM
  2. tryfe's Avatar
    IMO, yes we should definitely get an update if BlackBerry Limited is all about security.
    07-10-13 10:02 PM
  3. LazyEvul's Avatar
    If it really does affect the Android Player, then yes I believe it should. There hasn't been any clear indication of this yet, but I believe there are ways you can get in contact with their Security Incident Response Team to get some clarification, if someone hasn't already done so. I was thinking of contacting them myself but I haven't gotten around to it yet.
    07-10-13 10:19 PM
  4. Synerworks's Avatar
    Seriously doubt it, they have not released any Flash fixes or any other fixes for matter for many moons now. Since the Android player does not operate at an elevated priviledge level in the VM, the impact would be limited. The most likely suggestion by technical support for the Playbook with a security issue would be to just turn your Playbook off since Thor has used his hammer to drive the nail into its coffin.
    chaosdivine likes this.
    07-10-13 10:24 PM
  5. antiRIM's Avatar
    The vulnerability that is known on OS 10.0.0-10.0.9 has something to do with code on the android player.
    07-10-13 11:51 PM
  6. chaosdivine's Avatar
    Apparently BlueBox has released a free Google app (.apk) to test for bad apps. https://play.google.com/store/apps/d...onerootscanner
    I don't have a Google account so I can't download the .apk and try and convert it to .bar to sideload and test with. If anyone can do that and post results that would be handy. Otherwise, I'll do it if someone can track down a legit .apk. It runs the chance of not being able to be converted...

    The Google Play Description:

    The Bluebox "Master key" Security Scanner will scan your device to determine:
    - If your system is vulnerable or patched to the Bluebox "Master key" security flaw affecting most Android devices
    - If your system settings allow non-Google Market application installs
    - If any installed application on your device is trying to maliciously take advantage of the security flaw

    NOTICE: the scanner currently cannot check .APKs in the /mnt/asec/ (copy protected apps) directory; this is a security limitation enforced by Android OS.

    Further details of the Android "Master key" security flaw are available at:
    http://bluebox.com/corporate-blog/bl...id-master-key/

    NEXUS USERS: we have seen lots of confusion, so let us clarify. Google has given out patch to other vendors (Samsung, Sony, HTC, etc.), but Google has *not* yet issued updates for their own Nexus devices!! It is unknown why, but speculation is they don't want to do a 4.2.x patch update if 4.3 is coming out very soon. We have Nexus devices too and are anxiously waiting for the update still.
    07-11-13 10:05 AM
  7. chaosdivine's Avatar
    OK so I went to PlayBook .apk to .bar converter and did a search for Bluebox and someone has already converted it (maybe, if this is a legit .bar file) http://apk2bar.org/bar/03/19/145263/...anner_v1.2.bar anyhow I haven't installed it yet, but I will when I get a few moments. I'll update the thread here with some results.

    Update: OK so it did install fine using DDPB and I successfully ran a scan. It said I have no vulnerable apps. I have attached a screenshot of the scan for what it's worth considering you have to put faith in an app that wasn't exactly designed for the PlayBook's Android Player. It does say that it's vulnerable though.

    Attachment 181525
    Last edited by chaosdivine; 07-11-13 at 11:17 AM. Reason: Added screenshot
    07-11-13 10:37 AM
  8. quackquack147's Avatar
    another hopeless plea or plight to blackberry formerly RIM.
    and secondly android is in the emulation mode. you need to break the emulation jail. its a chrooted environment. and native itself is strong with some real good hard encryption and systematic rigourous checks on the binary signature. the vm mode or chroot needs to be broken first. and unless its broken you are safe. albeit runtime will be affected. thats about it. and its a concern for the android developers, not blackberry. relax it wont hurt you. and secondly thats why sidejacking is a bad idea, you circumvent the security check. and thats why my friend denis karkli runs this project Replicant project. you need not worry. and when i port android also it will be from here + grsec + app armor + pax + system libraries are hashed ;-)
    no need to panic. go drink some water. you will be just fine...........................
    and also thats why i hate android. its BS. i like a hardcore linux OS, which can be created and prepared with not just security in mind but also safe practices.
    even if there is a vulnerability it will be only inside the chroot or vm jail or vm container. nothing more. relax...
    how about you and i go counting ducks? good idea?
    let me know. i have started to count ducks there are as of now 39876 ducks. helps me count more. :-D
    thanks!
    -paul
    07-11-13 10:42 AM
  9. chaosdivine's Avatar
    how about you and i go counting ducks? good idea?
    let me know. i have started to count ducks there are as of now 39876 ducks. helps me count more. :-D
    thanks!
    -paul
    The ducklings from the mother duck (hen) in our backyard haven't hatched yet. When they do, I'll take some photos and upload them. She hisses like crazy anytime I try to get close to the bush where her nest is. It takes about a month for the eggs to hatch. They're due anytime now. The hen is much skinnier than she used to be - could barely clear the fence when she was pregnant...

    The thing is, there are magpies and crows around in the area and they know she's there too...they were fighting last night. I hope the eggs don't get stolen/destroyed by the vultures. I hate crows and magpies...

    The ducklings can't get out from the yard though as it's fenced in. So I'll have to call Fish and Wildlife to come get the little critters when they're born. We're not near water and they'll most likely die since it takes another month or so to be able to fly. They won't last that long in our backyard without proper food/shelter and safety.
    07-11-13 11:10 AM
  10. quackquack147's Avatar
    The ducklings from the mother duck (hen) in our backyard haven't hatched yet. When they do, I'll take some photos and upload them. She hisses like crazy anytime I try to get close to the bush where her nest is. It takes about a month for the eggs to hatch. They're due anytime now. The hen is much skinnier than she used to be - could barely clear the fence when she was pregnant...

    The thing is, there are magpies and crows around in the area and they know she's there too...they were fighting last night. I hope the eggs don't get stolen/destroyed by the vultures. I hate crows and magpies...

    The ducklings can't get out from the yard though as it's fenced in. So I'll have to call Fish and Wildlife to come get the little critters when they're born. We're not near water and they'll most likely die since it takes another month or so to be able to fly. They won't last that long in our backyard without proper food/shelter and safety.
    have a good watch on my nursing cousin. and see to that my nephews and neices are all in good shape. and try to offer her some security. like how about a little fencing.... of course with her permission. and i am sure she must be as tensed you and myself are. :-D let me know when they first quack.......... quackkkkkkkkk!
    and will they be safe in foster care? or will be a day care. nursery play time. :-D they needs to eat snails. then only they will grow up quick and wooshhhhh (fly off)!
    cheers!
    thanks!
    -paul
    07-11-13 11:20 AM
  11. godsfantasy's Avatar
    PlayBook is a RIM *PROBLEM*, not a BlackBerry one.
    07-11-13 02:42 PM

Similar Threads

  1. Think-4-U Music Player
    By Bumble2000 in forum BlackBerry 10 Apps
    Replies: 17
    Last Post: 01-22-14, 03:44 PM
  2. Installing Android Apps on 2 separate Blackberry Z10 devices
    By doink726 in forum More for your BlackBerry 10 Phone!
    Replies: 6
    Last Post: 07-11-13, 07:52 AM
  3. Slidr: An Active Frame Photo Slide Show
    By SCrid2000 in forum BlackBerry 10 Apps
    Replies: 2
    Last Post: 07-10-13, 11:38 PM
  4. We lost T.A. McCann and Marc Gingras
    By The Aficionado in forum General BlackBerry News, Discussion & Rumors
    Replies: 1
    Last Post: 07-10-13, 10:38 PM
  5. Replies: 3
    Last Post: 07-10-13, 06:38 PM
LINK TO POST COPIED TO CLIPBOARD