News & Analysis
Comment
Steve_B
This is an important point, often overlooked: if you have physical access to a ...
DVanditmars
Being 'hacked' by the end user is a lot different than being hacked by someone ...
RIM's PlayBook hacked, patched, hacked again
Sylvie Barak
12/7/2011 3:14 PM EST
MOUNTAIN VIEW, Calif.--Last week, security researchers posted a video showing a successful BlackBerry PlayBook hack, exploiting a security hole in Research in Motion’s enterprise level security encryption and granting users root access to the system.
RIM responded to the jailbreaking of its tablet by claiming it was just the PlayBook and not the firm’s phones which had been compromised, promising to investigate the issue.
The BlackBerry PlayBook’s operating system is based on software from QNX, which upcoming BlackBerry smartphones will also be running on.
The researchers, led by main hacker “Neuralic” decided to take the experiment a step further, releasing the jailbreak tool –known as Dingleberry-- to the public, via Twitter.
RIM quickly released an OTA update to fix the security breach, but within hours of the patch, Neuralic’s hack squad had jailbroken it again, releasing an updated version of Dingleberry to the public for download.
On Wednesday (Dec. 7) morning, hacker Chris Wade posted that there had been 14581 downloads of the PlayBook jailbreak thus far.
RIM had previously stated that all of its mobile devices were rigorously tested by third-party security researchers every day. Indeed, some feel it is only on the strength of RIM’s strong security credentials that BlackBerry products continue to be popular with enterprises and governments, with even the U.S. president owning one.
Last week, hackers managed to root Amazon’s Kindle Fire, and also managed to circumvent a patch purportedly meant to “fix” the hole.
It’s one thing to hack Android, an open operating system, however, but being able to jailbreak a BlackBerry device and circumvent a patch meant to fix the flaw within hours, is certainly embarrassing news for RIM, which has always prided itself on its strong encryption.
You can see the original rooting video below (watch in Firefox/Chrome):
RIM responded to the jailbreaking of its tablet by claiming it was just the PlayBook and not the firm’s phones which had been compromised, promising to investigate the issue.
The BlackBerry PlayBook’s operating system is based on software from QNX, which upcoming BlackBerry smartphones will also be running on.
The researchers, led by main hacker “Neuralic” decided to take the experiment a step further, releasing the jailbreak tool –known as Dingleberry-- to the public, via Twitter.
RIM quickly released an OTA update to fix the security breach, but within hours of the patch, Neuralic’s hack squad had jailbroken it again, releasing an updated version of Dingleberry to the public for download.
On Wednesday (Dec. 7) morning, hacker Chris Wade posted that there had been 14581 downloads of the PlayBook jailbreak thus far.
RIM had previously stated that all of its mobile devices were rigorously tested by third-party security researchers every day. Indeed, some feel it is only on the strength of RIM’s strong security credentials that BlackBerry products continue to be popular with enterprises and governments, with even the U.S. president owning one.
Last week, hackers managed to root Amazon’s Kindle Fire, and also managed to circumvent a patch purportedly meant to “fix” the hole.
It’s one thing to hack Android, an open operating system, however, but being able to jailbreak a BlackBerry device and circumvent a patch meant to fix the flaw within hours, is certainly embarrassing news for RIM, which has always prided itself on its strong encryption.
You can see the original rooting video below (watch in Firefox/Chrome):
|
|
|
|
|
Navigate to related information
Frank Eory
12/7/2011 4:06 PM EST
It really has been an embarrassing week for RIM. Besides this Playbook hack, there was the incident a few days ago in which two RIM executives (they are now former executives) were arrested for being drunk and disorderly on a flight to China.
I hope RIM again finds its footing in 2012.
Sign in to Reply
LJM
12/7/2011 4:09 PM EST
Honestly, RIM is hanging on by a thread. Once they lose their security trust/cache in the corporate space, no one is going to lay their device next to an Apple device and say, "Yup, RIM wins this battle." Do you know anyone who chooses RIM for a personal device?
Sign in to Reply
SylvieBarak
12/7/2011 5:33 PM EST
I have a BlackBerry device that's personal... but I am honestly thinking of switching next refresh cycle!
Sign in to Reply
markhahn
12/7/2011 4:52 PM EST
Sorry, why is it embarassing, or even a concern for RIM how Playbook owners use their devices?
A jailbreak tool is a bugfix: correcting the manufacturer's failure to provide the owner with full access.
Sign in to Reply
Frank Eory
12/7/2011 5:26 PM EST
For the business user, RIM's security is one of its big selling points. I doubt that many of those customers will think that the ability to exploit a security hole in the crypto is a bug fix!
Ask any corporate IT manager how he/she feels about users getting root access to company-owned IT assets and let us know what kind of replies you get.
Sign in to Reply
PoseTech
12/7/2011 6:52 PM EST
RIM is certainly going downhill. They couldn't even secure the name of their next generation operating system, being force to change it from BBX to BlackBerry 10. This is a real bad oversight from the management team. RIM needs a huge overhaul of their management team if they want to stay in the game with Apple and Google.
Sign in to Reply
Chris.Ciufo
12/7/2011 7:48 PM EST
In fairness to RIM, recent FORTUNE article clearly chronicles their arduous decisions to stick with their enterprise knitting at the expense of the hip smartphone market.
Yet, if RIM loses the faith of the IT dudes (as Frank Eory points out, above), they are yesterday's toast. Even though my corporate-issued Curve works pretty darn well. (I know: this hack is about a tablet, not a phone, yet guilt by association...or credibility lost...)
Sign in to Reply
SylvieBarak
12/7/2011 10:47 PM EST
I have a Playbook and have never ever found a reason to use it. Maybe now that there's a hack, I can finally find something useful and fun to do with it!
Sign in to Reply
wave.forest
12/8/2011 6:51 AM EST
"RIM had previously stated that all of its mobile devices were rigorously tested by third-party security researchers every day"
It'll be interesting to know who the third-party are. It appears the third-party did a lousy job.
Sign in to Reply
DVanditmars
12/9/2011 11:36 AM EST
Being 'hacked' by the end user is a lot different than being hacked by someone via the connected network.
Sign in to Reply
Steve_B
12/10/2011 11:30 AM EST
This is an important point, often overlooked: if you have physical access to a system, there are a lot more attacks that you can try than if you're trying to do it remotely. I'd really love for the writer to have followed up that aspect of the story. Does the security flaw they exploited even imply that it could be forcibly done to your device? now THAT would be newsworthy and relevant to RIM security in a way that this exploit really isn't.
Sign in to Reply