Critical security vulnerability warning issued for BlackBerry Z10

Blackberry has issued a security vulnerability warning to owners of its Z10 smartphones.

The vulnerability potentially allows a hacker to modify or edit data on a stolen BlackBerry Z10 smartphone with BlackBerry Protect enabled.

BlackBerry Protect is software which is supposed to help users delete sensitive files on a lost or stolen smartphone, or recover it again if it is lost.

“An escalation of privilege vulnerability exists in affected versions of BlackBerry Z10 smartphones. Under specific conditions, this vulnerability could allow a malicious app to take advantage of weak permissions on a BlackBerry Protect object,” BlackBerry states

“Taking advantage of the weak permissions could allow the malicious app to gain the device password if a remote password reset command had been issued through the BlackBerry Protect website, [or] intercept and prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe.

“The most severe potential impact of this vulnerability requires a BlackBerry Z10 smartphone user to install a specially crafted malicious app, enable BlackBerry Protect, and reset the device password through BlackBerry Protect.”

The company points out the vulnerability only affects the Z10, with other BlackBerry 10 devices, such as PlayBook tablets or Q10 smartphones, and smartphones running earlier versions of BlackBerry unaffected.

The company also points out that no known virus or malicious apps currently take advantage of the vulnerability.

The company is urging owners of BlackBerry Z10 smartphones to do update software on their devices, to not enable BlackBerry Protect until they have completed such an update, and to read prompts asking to install third party apps to read through the permissions they request carefully.

Users should also choose a WiFi password that is different to their device password to increase their security.

Trending

COMMENTS

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments