Research In Motion has plugged a security hole that left BlackBerry users open to phishing attacks.
The bug lies in the BlackBerry browser dialog box, which provides information about Website domain names and their associated certificates. While the dialog box informs users when there is a mismatch between site domain names and domain names indicated in associated certificates, it does not properly illustrate that the mismatch is due to the presence of some hidden characters in the site domain name.
As a result, users can be fooled more easily into logging on to malicious sites.
"A malicious user could create a web site that includes a certificate that is purposely altered using null (hidden) characters in the certificate's Common Name (CN) field or otherwise manipulated to deceive a BlackBerry device user into believing they have connected to a trusted web site," according to the company's advisory.
"If the malicious user then performs a phishing-style attack by sending the BlackBerry device user a link to the web site in an SMS or email message that appears to be from a trusted source, and the BlackBerry device user chooses to access that site, the BlackBerry browser will correctly detect the mismatch between the certificate and the domain name and display a dialog box that prompts the user to close the connection," the advisory continues. "However, the dialog box does not display null characters, so the user may believe they are connecting to a trusted site and disregard the recommended action to close the connection."
The bug impacts BlackBerry Device Software versions 4.5 and later. RIM has addressed the issue in an update available here.