BlackBerry Z10 security flaw too fiddly to exploit

BlackBerry claims hackers would need significant access to device and user to exploit BB10 software vulnerability.

BB10 Z10 smartphones

A flaw in the BlackBerry Z10 smartphone, which could potentially allow hackers to gain root-level access to the device has been played down by a security expert who deems it too fiddly to exploit.

BlackBerry alerted Z10 users several days ago to the security flaw on its Knowledge Base blog, and explained that Q10 users and people running the latest version of the software should not be affected.

The vulnerability could potentially allow hackers to gain access to resources that are usually reserved for senior management, or to permit applications to carry out unauthorised actions.

However, the blog post said the steps needed to exploit the vulnerability require a high degree of user interaction and physical access to the device.

"Successful exploitation requires not only that a customer enable Blackberry Protect, use the feature to reset the device password, and download a specifically crafted malicious app, but an attacker [would also need to] gain physical access to the device," the blog post explained.

"If all of the requirements are met for exploitation, an attacker could potentially access or modify data on the device," it added.

BlackBerry Protect is an optional feature in BB10 that allows Q10 and Z10 users to remotely track, lock, wipe and display a message on the device by logging into an online portal.

At the moment, the smartphone maker said it is not aware of any examples where the vulnerability had been exploited.

Given the number of steps and proximity to the device hackers would need to have, Michael Sutton, vice president of security research at vendor Zscaler, said exploitation is unlikely.

"BlackBerry has historically had a strong reputation for building a secure operating system, making it a popular choice for security conscious enterprises, even as Apple and Google have dramatically eaten away at their overall market share," said Sutton.

"Fortunately, the vulnerability affects a relatively narrow scope of devices and would require a fairly specific chain of events to achieve successful exploitation."

 

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022