Z10 BB10 - Security and Exploitation (ROOT)
Hi,
I have just seen this video of BlackHat 2013 talking about the BB10 design and some of the security issues that where found by this security researcher - Ralf-Philipp Weinmann: Black Hat 2013 - BlackberryOS 10 From a Security Perspective - YouTube
from what i have seen his findings:
- 16:40 : no heap hardening protections
- 17:25: no root but a way to run your own stuff with scrips
- 21:20: IPv6 stack testing produced crashes ->> didn't looked to see if they are exploitable or not !!
- 22:15: BaseBand - recommending to NOTuse the STL100-3 due to security potential issues!!
- 24:50-30:00: RIM can remote collect data of users without user notification!! Screen captures, raw memory voice/audio and more..
- 30:15: HINT! there is an exploitable bug using a metacharacters for "proc name" that is crashing that can execute commands
- 31:43: researcher doesn't like the signature verification that may lead to persistence of bad files on the system.
- 34:15: researcher doesn't like "Blackberry balance" that infact doesn't have a real sandbox like it should have...
so this is interesting time to dig into the BB10 OS to see those issues has raised .. :-)
Enjoy!