Pwn2Own, the annual hacker contest held at CanSecWest Security Conference, this year saw a new breed of attacks specifically targeting the smart phones.
Blackberry’s Torch 9800 which runs Blackberry OS 6.0 was one of the targets in the hacking contest.
Two researchers, Willem Pinckaers of Matasano and Vincenzo Lozzo an independent researcher were able to steal pictures, contact list from the device.
Not only that, they were also able to write to a file in Blackberry’s storage system. Willem and Vincenzo performed this through formulating a website having chained a series of vulnerabilities and browsing the same through the webkit-based browser on the phone.
The drawback according to RIM would be a reduction in quality of the browsing experience to the users. The advisory claimed that the emails of the users are still safe and there is no leakage of other personal information. This vulnerability would result in a scar in the otherwise secure platform of Blackberry and would certainly bring forward questions as to the reliability of the platform that RIM markets itself to have.
The members of the security team of RIM are "investigating the issue to determine the best resolution for protecting". The models affected besides Torch 9800 are Bold 9700, Bold 9650, Curve 9300 and Pearl 9100.