Pwn2Own, the annual hacker contest held at the CanSecWest security conference, this year saw a new breed of attacks specifically targeting smartphones.
BlackBerry's Torch 9800, which runs BlackBerry OS 6.0, was one of the targets in the hacking contest.
Two researchers, Willem Pinckaers of Matasano and Vincenzo Iozzo, an independent researcher, were able to steal pictures and the contact list from the device.
Not only that, they were also able to write to a file in the BlackBerry's storage system. Willem and Vincenzo did this by building a website that chained a series of vulnerabilities and browsing to it with the WebKit-based browser on the phone.
What came as a surprise was the researchers' revelation that the BlackBerry has no protection mechanism other than a primitive sandbox system to isolate the sensitive parts of the phone's OS from applications. Four days after this exposure, Research In Motion, in a rather unusual recommendation, suggested that users disable JavaScript to protect themselves from the critical vulnerability.
"Users of BlackBerry Device Software version 6.0 and later can disable the use of JavaScript in the BlackBerry Browser to prevent exploitation of the vulnerability," RIM said in the advisory (http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB26132). The vulnerability that was targeted was an integer overflow in WebKit, the browser engine used in the BlackBerry as well as in other well-known smartphones such as the iPhone and Android-based phones.
The drawback, according to RIM, would be a reduction in the quality of the browsing experience. The advisory claimed that users' emails are still safe and that there is no leakage of other personal information. This vulnerability leaves a scar on the otherwise secure BlackBerry platform and will certainly raise questions about the reliability that RIM markets the platform as having.
The members of RIM's security team are "investigating the issue to determine the best resolution for protecting". Besides the Torch 9800, the affected models are the Bold 9700, Bold 9650, Curve 9300 and Pearl 9100.