BlackBerry Z10 security flaw too fiddly to exploit

BlackBerry claims hackers would need significant access to device and user to exploit BB10 software vulnerability.


A flaw in the BlackBerry Z10 smartphone, which could potentially allow hackers to gain root-level access to the device, has been played down by a security expert who deems it too fiddly to exploit.

BlackBerry alerted Z10 users several days ago to the security flaw on its Knowledge Base blog, and explained that Q10 users and people running the latest version of the software should not be affected.

The vulnerability could potentially allow hackers to gain access to resources that are usually reserved for senior management, or to permit applications to carry out unauthorised actions.

However, the blog post said the steps needed to exploit the vulnerability require a high degree of user interaction and physical access to the device.

"Successful exploitation requires not only that a customer enable BlackBerry Protect, use the feature to reset the device password, and download a specifically crafted malicious app, but an attacker [would also need to] gain physical access to the device," the blog post explained.

"If all of the requirements are met for exploitation, an attacker could potentially access or modify data on the device," it added.

BlackBerry Protect is an optional feature in BB10 that allows Q10 and Z10 users to remotely track, lock, wipe and display a message on the device by logging into an online portal.

The smartphone maker said it is not currently aware of any cases in which the vulnerability has been exploited.

Given the number of steps involved and the proximity to the device that hackers would need, Michael Sutton, vice president of security research at vendor Zscaler, said exploitation is unlikely.

"BlackBerry has historically had a strong reputation for building a secure operating system, making it a popular choice for security conscious enterprises, even as Apple and Google have dramatically eaten away at their overall market share," said Sutton.

"Fortunately, the vulnerability affects a relatively narrow scope of devices and would require a fairly specific chain of events to achieve successful exploitation."

 
