Flaw in BlackBerry Protect app addressed, impacts Z10 smartphone users


A bug has been fixed in the BlackBerry Protect application – which was designed to help users find their lost mobile devices – lowering the chance that a skilled attacker could access data belonging to Z10 smartphone users.

In a worst-case scenario, a hacker could unlock the victim's phone and access a host of data on the device, including information in the work perimeter (specifically designed to separate work and personal data on BlackBerry devices).

The intruder would need to have physical access to the phone, however, and be skilled enough to install their own malicious app on a Z10 BlackBerry phone, start the vulnerable BlackBerry Protect app, and reset the device password using the app, according to a security advisory from BlackBerry published last Tuesday.

After exploiting the flaw, an attacker could access personal files, contacts, work perimeter content (if the perimeter is unlocked) and other data on the phone. Because the attack works by resetting the device password, it can also lock the smartphone's owner out of their own device.

An attacker who knows the victim's device password, but has no physical access to the phone, could also reach it remotely over Wi-Fi. This is only possible, however, if the user has enabled Wi-Fi storage access on the phone and protected it with the same password as the device.

BlackBerry's security advisory called the bug an “escalation of privilege vulnerability,” which could allow a “malicious app to take advantage of weak permissions on a BlackBerry Protect object.”

Users can eliminate the threat by updating to version 10.0.10.648 of the BlackBerry 10 operating system, which contains the fix.

News of the vulnerability comes not long after the U.S. Department of Defense cleared BlackBerry's latest device, the Z10, for use on Pentagon networks.

In May, the Defense Information Systems Agency (DISA) said it approved BlackBerry Enterprise Service (BES) 10 on BlackBerry's Z10 and Q10 smartphones and PlayBook tablets, as well as Knox (based on the Android operating system) on Samsung's just-released Galaxy S4, to run on its internal networks.
