Z10 BB10 - Security and Exploitation (ROOT)

Printable View

12-08-13, 07:28 PM
Labba Labbala

Z10 BB10 - Security and Exploitation (ROOT)

Hi,
I have just seen this video of BlackHat 2013 talking about the BB10 design and some of the security issues that where found by this security researcher - Ralf-Philipp Weinmann: Black Hat 2013 - BlackberryOS 10 From a Security Perspective - YouTube

from what i have seen his findings:
- 16:40 : no heap hardening protections
- 17:25: no root but a way to run your own stuff with scrips
- 21:20: IPv6 stack testing produced crashes ->> didn't looked to see if they are exploitable or not !!
- 22:15: BaseBand - recommending to NOTuse the STL100-3 due to security potential issues!!
- 24:50-30:00: RIM can remote collect data of users without user notification!! Screen captures, raw memory voice/audio and more..
- 30:15: HINT! there is an exploitable bug using a metacharacters for "proc name" that is crashing that can execute commands
- 31:43: researcher doesn't like the signature verification that may lead to persistence of bad files on the system.
- 34:15: researcher doesn't like "Blackberry balance" that infact doesn't have a real sandbox like it should have...

so this is interesting time to dig into the BB10 OS to see those issues has raised .. :-)

Enjoy!
12-08-13, 07:41 PM
SirJes

Did he show any proof of this? , -paging omnitech- since omni spoke of this a previous tgread.

CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.
12-08-13, 07:44 PM
Labba Labbala

he started by saying that he is not going to give any 0day since he don't want to talk about that.. but this person is one of the people who have hacked blackberry devices in the past and moreover than that he is known to have deep knowledge on cellular base band attack that can remotely control almost any device..
12-08-13, 07:44 PM
Tre Lawrence

BBRY's TOS clearly states they collect data, to be fair.
12-08-13, 08:14 PM
bennelong

Good video, thanks! Listening to it (on YouTube in the browser) as I type.
12-08-13, 08:24 PM
Omnitech

I have already posted links elsewhere and there have been articles on Crackberry months ago pointing-out that this talk was a big letdown because he basically didn't demonstrate anything.

This is at the very same conference where people in other rooms were doing live demonstrations of Android and iOS exploits.

My point is: there's not much there, there.

Believe me, if there were an active root exploit for BB10, we would probably know about it.

There isn't.

There was a way to do it on a very early build of the OS (something probably very few if any customers are running any more), but BlackBerry closed that hole and I've seen no evidence that anyone else has been able to come up with an actual root exploit since then.

As you all know, root exploits are all over the place for iOS and Android. To the point where probably thousands of apps on Google Play are only functional on a rooted device. ;)

'Nuff said.
12-08-13, 08:28 PM
Omnitech

Originally Posted by Tre Lawrence

BBRY's TOS clearly states they collect data, to be fair.

I believe they specifically pointed this out in response to that claim.

One of the first things I did when I bought my first Z10 was turn that off. :)

Same thing I did on my Android device. (Though that's only the tip of the iceberg w/ Android, which is why I do not access or store any confidential stuff on that device.)