Blackberry PlayBook Tablet Security Flaw Discovered
Research in Motion (RIM), the company behind BlackBerry smartphones and the struggling PlayBook tablet, faces a new security threat after Ben Nell, a consultant with the Intrepidus Group, and colleague Zach Lanier, a principal consultant with Intrepidus, announced the flaw during the Infiltrate Security Conference in Miami this week. The security flaw allows hackers to tap into a connection made between the tablet and handheld devices, according to a report on ThreatPost, a Kaspersky Lab security news site.
The report said the authentication token for BlackBerry Bridge, which uses Bluetooth technology to connect the two devices, could be located and acquired, allowing a hacker to access sensitive information, including email accounts. ThreatPost quoted Lanier, explaining while the Bridge is active, the token is in a place that is essentially world-readable, and the file being in a place that is world-readable is the issue that causes the problem with the Bridge sessions.
"The BlackBerry PlayBook issue described at the Infiltrate security conference has been resolved with BlackBerry PlayBook OS 2.0, which is scheduled to be available as a free download to customers in February 2012," RIM said in a statement published on ThreatPost. "There are no known exploits, and risk is mitigated by the fact that a user would need to install and run a malicious application after initiating a BlackBerry Bridge connection with their BlackBerry smartphone."
This isn't the first security flaw RIM has dealt with concerning the tablet, as it faces struggling sales in light of competition from an increasingly crowded tablet market. In December, the company patched a flaw that allowed users to jailbreak the PlayBook, but hackers soon found another security hole to exploit. On Dec. 5, a team of hackers, led by "Neuralic," released Dingelberry, a jailbreak tool, to make it easier for users to jailbreak their own PlayBook tablets in order to gain root access on the device.
RIM released an over-the-air update Dec. 6 to fix the flaw, but within hours of the patch, there was an updated version of Dingleberry available, exploiting a completely different flaw. RIM said the jailbreak exploited a security flaw in PlayBook's operating system, based on software from QNX, and that the company's BlackBerry smartphones were not vulnerable.
RIM unveiled the long-awaited software update for the PlayBook at this week's Consumer Electronics Show (CES) in Las Vegas. Dubbed PlayBook OS 2.0, the software update includes features demanded by users when the 7-inch tablet made its initial debut in April 2011. In addition to integrated messaging and calendar apps, the PlayBook will also offer a Video Store with new releases for rent or purchase. There is a palette of tools for rich-text email composing and editing, as well as updated document-editing capabilities. A new "reading view" for the Web browser will offer a streamlined way to read online news articles or Websites with large amounts of text. RIM said it plans on making the update available for download in February.