RIM is playing a cat-and-mouse game with the jailbreak community as it patches a security hole to block the Dingleberry tool, but hackers have found another flaw.
Less than a
day after Research in Motion patched a flaw that allowed users to jailbreak the
PlayBook, hackers have found another security hole to exploit.
On Dec. 5, a
team of hackers, led by "Neuralic," released Dingelberry, a jailbreak
tool, to make it easier for users to jailbreak their own PlayBook tablets in
order to gain root access on the device. The team had initially posted a video
demonstrating a successful jailbreak a few days earlier.
One of the
things users could do with the jailbreak was to access the Android Market and
download applications onto the tablet. While RIM is building Android support in
PlayBook OS 2.0, users willing to hack the tablet's OS could take advantage of
the hundreds of thousands of applications on the Android Market without waiting
for the OS update.
shouldn't be able to do any permanent damage, but make sure to back up before
playing with anything," Neuralic warned, adding, "I take no
responsibility for damage to your device."
smartphones is not illegal, as the Electronic Frontier Foundation won an
exemption from the United States Copyright Office to protect users back in
2009. The EFF is currently requesting similar exemptions to the Digital
Millennium Copyright Act to allow users to jailbreak video game consoles and tablets
an over-the-air update Dec. 6 to fix the flaw, but within hours of the patch,
there was an updated version of Dingleberry available, exploiting a completely
different flaw. The initial flaw exploited the fact that backups taken by the
BlackBerry Desktop Manager aren't digitally signed, according to a report on CrackBerry.com
makes a local backup of the entire device, but since it isn't signed, it is
possible to exploit file permissions and inject code into files and change the
backup image, according to the site. CrackBerry
claimed to have warned RIM about the exploit
back in April when
the tablet was first released.
It's not yet
known what kind of a flaw is being exploited by the updated Dingleberry tool.
RIM said the
jailbreak exploited a security flaw in PlayBook's operating system, based on
software from QNX, and that the company's BlackBerry smartphones were not
vulnerable. However, upcoming BlackBerry smartphones are expected to run on the
same operating system as the PlayBook.
products is notoriously difficult, as the company prides itself on using strong
encryption and rigorous security testing. The PlayBook was awarded FIPS
certification, a government-grade security certification, by the National
Institute of Standards and Technology earlier this year, making it the only
tablet to date to have achieved it. FIPS certification is required for all
devices being used within the federal government.
game RIM is playing with hackers is similar to Apple's own experiences with the
jailbreaking community. Even Amazon is discovering how quickly the community
can find flaws and update its tools. A group of hackers released a jailbreak
tool shortly after the Kindle Fire source code was released last month. Users
who rooted Amazon's tablet were able to get the Android Market application,
Calendar and Gmail running on the Kindle Fire.
released a required software update to block the jailbreak tool from running,
but the hackers in the XDA community were able to circumvent the patch and
release an updated exploit using the same software.