1. trsbbs's Avatar
    National Cyber Awareness System:

    BlackBerry Releases Security Advisory
    11/14/2013 02:36 PM EST


    Original release date: November 14, 2013

    BlackBerry has released a security advisory to address potential vulnerabilities that affect a remote file access feature within BlackBerry Link for BlackBerry 10 Operating Systems. These vulnerabilities could allow an attacker to obtain elevation of privilege or execute arbitrary code remotely.

    US-CERT recommends users and administrators to review the BlackBerry Security Advisory BSRT 2013-012 and follow best practice security policies to determine which updates should be applied.
    11-14-13 04:54 PM
  2. Bold_until_Hybrid_Comes's Avatar
    Yikes this is horrible
    11-14-13 05:16 PM
  3. trsbbs's Avatar
    In short, turn Link off at both ends.


    Posted via CB10 on a Verizon Z10 running 10.2.0.1791
    11-14-13 05:31 PM
  4. Poirots Progeny's Avatar
    That's not good!

    Posted via CB10
    11-14-13 06:15 PM
  5. cjcampbell's Avatar
    Not great news, but to credit BlackBerry, they found the issue and told people about it. As far as we know, it hasn't been exploited, and they have also found holes in the past only to patch them without known incident.
    11-14-13 06:33 PM
  6. Shanerredflag's Avatar
    It's just the NSA...carry on.
    11-14-13 06:35 PM
  7. Lostboy5151's Avatar
    We all know that mobile devices are much more sophisticated computers than your desktop or laptop. And, so much more vulnerable because of its Wi-Fi capabilities.
    You wouldn't think of operating your PC without some kind of security software. So, why act so surprised?
    Last year alone tens of thousands of viruses were reported on Android devices.
    And the majority of viruses on those devices came from Social Networks!

    It's so easy for cyber-criminals to compromise mobile devices. Think about it.

    You share your music, photos and videos with the world. You let everyone know WHERE you're going, WHAT you're listening to on the way there, HOW you're getting there, WHEN you get there and WHY you went there in the first place.
    And all the while you're being tracked by your GPS!

    BlackBerry has good security but in a world where our government is already prepared to hack into another country's mainframe how hard do you think it would be to compromise a mobile device?

    The most important app you should already have installed on your device is anti-virus/ security.
    And if you balk over $10.00 then you deserve to get hacked!

    There's just so many "found holes" and "patches" before you get hacked of your Contacts, Credit Card information and other things that you thought were secure!

    ... end of rant!
    Last edited by Lostboy5151; 11-16-13 at 05:57 PM.
    Shanerredflag likes this.
    11-16-13 05:46 PM
  8. BCITMike's Avatar
    Links?

    Posted via CB10
    11-16-13 06:28 PM
  9. 00stryder's Avatar
    How on Earth has this not been reported on yet? How am I just reading this?!

    Posted via CB10
    kevinnugent likes this.
    11-16-13 06:34 PM
  10. PorcinusMaximus's Avatar
    Good heads-up, but it doesn't sound like a huge deal. Here's the link to it:

    BSRT 2013-012 Vulnerability in remote file access feature impacts BlackBerry Link

    There's lots there, but a few highlights, first the Overview --

    "This advisory addresses an elevation of privilege or remote code execution vulnerability that is not currently being exploited but affects BlackBerry Link. BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without customer interaction. Successful exploitation can require that an attacker must persuade a user on a system with BlackBerry Link installed to click on a specifically crafted link or access a webpage containing maliciously crafted code. In the alternative scenario, successful exploitation requires that a local attacker must be able to log in to the affected system while the BlackBerry Link remote file access feature is running under a different user account. If the requirements are met for exploitation, an attacker could potentially gain access to, read, or modify data from the BlackBerry Link remote file access folder of the user account under which the BlackBerry Links remote file access feature is running. After installing the recommended software update, affected BlackBerry Link customers will be fully protected from this vulnerability." [emphasis mine]

    -- and from Mitigations:

    "Mitigations are existing conditions that a potential attacker would need to overcome to mount a successful attack or that would limit the severity of an attack. Examples of such conditions include default settings, common configurations and general best practices.

    The elevation of privilege attack scenario for this issue is mitigated in systems that do not support multiple users, and it is further mitigated by the requirement that the attacker must have valid local login credentials.

    Remote code execution attack scenarios for this issue are mitigated for all customers by the prerequisite that the attacker must persuade the customer to access the maliciously crafted link or visit a webpage containing maliciously crafted code." [emphasis mine]
    00stryder likes this.
    11-16-13 06:51 PM
  11. LazyEvul's Avatar
    Did anyone bother to check whether or not they have fixed it? From the security advisory page:

    Affected Software
    BlackBerry Link for Windows version 1.0.1.12 to 1.2.0.28
    BlackBerry Link for Mac OS version 1.0.1 (build 6) to 1.1.1 (build 35)

    Non-Affected Software
    BlackBerry Link for Windows prior to version 1.0.1.12
    BlackBerry Link for Mac OS prior to version 1.0.1 (build 6)
    BlackBerry Link for Windows version 1.2.1.31
    BlackBerry Link for Mac OS version 1.1.1 (build 39)

    As usual, it's a matter of security being up to the user - keep your software up-to-date and you'll be fine.
    11-16-13 06:52 PM
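
The affected and non-affected version lists quoted in the post above can be turned into an inventory check. This is an added example, not part of the thread or of BlackBerry's advisory; the names `ADVISORY`, `parse_version` and `classify` and the inventory rows are made up for illustration, and any version the quoted lists do not mention is reported as `unlisted` rather than guessed at.

```python
import re

# Version bounds copied from the BSRT 2013-012 excerpt quoted in the post above.
# Mac entries store the build number as a fourth tuple element (an assumption
# of this example, so that "1.1.1 (build 35)" orders before "1.1.1 (build 39)").
ADVISORY = {
    "windows": {"first_affected": (1, 0, 1, 12),
                "last_affected": (1, 2, 0, 28),
                "listed_fixed": (1, 2, 1, 31)},
    "mac": {"first_affected": (1, 0, 1, 6),
            "last_affected": (1, 1, 1, 35),
            "listed_fixed": (1, 1, 1, 39)},
}

PATTERNS = {
    "windows": re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)"),
    "mac": re.compile(r"(\d+)\.(\d+)\.(\d+)\s*\(build\s+(\d+)\)", re.IGNORECASE),
}


def parse_version(platform, text):
    """Turn a version string in the advisory's notation into a comparable tuple."""
    if platform not in PATTERNS:
        raise ValueError(f"unknown platform: {platform!r}")
    match = PATTERNS[platform].fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised {platform} version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(platform, text):
    """Return 'affected', 'not-affected' or 'unlisted' for one installed version."""
    version = parse_version(platform, text)
    bounds = ADVISORY[platform]
    if version < bounds["first_affected"] or version == bounds["listed_fixed"]:
        return "not-affected"
    if version <= bounds["last_affected"]:
        return "affected"
    # The quoted lists say nothing about these versions; check the advisory itself.
    return "unlisted"


# Constructed inventory rows (host names and versions are made up for the example).
INVENTORY = [("pc-01", "windows", "1.1.0.37"), ("pc-02", "windows", "1.2.1.31"),
             ("mac-01", "mac", "1.1.1 (build 35)"), ("mac-02", "mac", "1.1.1 (build 37)")]

if __name__ == "__main__":
    for host, platform, version in INVENTORY:
        print(f"{host:8} {platform:8} {version:18} {classify(platform, version)}")
```
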
  12. 00stryder's Avatar
    I'm glad they're being pro-active with this, but still surprised that I haven't seen this being reported at all. Other sites I get because they probably don't even know what RFA is, but CB? N4BB?

    Posted via CB10
    11-16-13 06:53 PM
  13. Brutal Efficiency's Avatar
    Horrible? They fixed a potential problem...

    BlackBerry Bold 9900; Q10; Z10 [BBM#6]
    11-16-13 10:02 PM
  14. Gerii's Avatar
    That's why they should give normal users the ability to access Samba shares directly from our device instead of that Link app.

    Posted via CB10
    11-17-13 09:42 AM
  15. glamrlama's Avatar
    That's why they should give normal users the ability to access Samba shares directly from our device instead of that Link app.

    Posted via CB10
    Use ES File Explorer or Ghost Commander if you need simple access to local smb: shares
    11-17-13 03:10 PM