Researchers have exposed a security hole in the BlackBerry PlayBook tablet. The vulnerability has to do with the BlackBerry Bridge software that links the device with a user’s phone.
This software could be used to get unauthorized access to corporate email messages.
When Research In Motion (RIM) launched the PlayBook last year, it didn’t have a built-in way to access email or calendars. Instead, users were expected to link the PlayBook with a BlackBerry phone via bridging software that connects the two devices wirelessly. Although less convenient than native functions, the setup was thought to be inherently more secure since the information was never actually stored on the tablet.
That may have been a tad optimistic. A pair of researchers now say they’ve successfully hacked into a PlayBook using the supposedly secure BlackBerry Bridge Bluetooth connection. Although the hack requires some special conditions, it hits RIM on its biggest strength compared to other devices: security.
Zach Lanier and Ben Nell of Intrepidus Group were the ones who found the Bridge’s weak spot. They included it in their Blade Runner-themed presentation at the Infiltrate security conference last week in Miami Beach, FL, first reported by ThreatPost. The problem, as they describe it, is a bug that exposes the Bridge’s authorization token, which is normally in a protected file, to anyone who knows where to look.
“Think of it like this,” Lanier told Mashable, “the Bridge apps on the PlayBook are glorified web browsers. They use a session token, much like a browser talking to a web application would, to assert their authorization with the BlackBerry Bridge service. Due to a bug in TabletOS, this session token is accessible in a file that is readable by any user, including unprivileged applications and processes.”
While that sounds bad (and it is), the danger is limited in two key ways:
The user must be using BlackBerry Bridge to expose the token (unless the phone has no password set — then it can be used anytime).
There must be some kind of malicious app already on the PlayBook to exploit it.
The hypothetical hacker doesn’t actually have to be physically close to the PlayBook in question. Lanier confirmed that the only thing necessary is malware on the tablet designed to exploit the token. If that’s the case, once the bridge is engaged and the bad app is running, every email and calendar appointment is potentially in the hands of hackers.
The good news is that the security hole will be patched in PlayBook 2.0, RIM’s software update that will also finally bring native email to the tablet. RIM knew about the flaw through Intrepidus Group and issued the statement: “There are no known exploits and risk is mitigated by the fact that a user would need to install and run a malicious application after initiating a BlackBerry Bridge connection.”
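The class of bug Lanier describes, a session token kept in a file that any local process can read, shown as an added example in POSIX C (not code from the article, RIM or Intrepidus Group): the same token written with a permissive mode and with an owner-only mode, plus the permission check an auditor would run. The file paths, token value and function names are assumptions, since the article does not give the real token location.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write a session token to `path` with the given permission bits.
 * O_EXCL refuses to reuse a file someone else pre-created; fchmod makes the
 * final mode independent of the process umask. Returns 0 on success. */
static int write_token(const char *path, const char *token, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0)
        return -1;
    size_t len = strlen(token);
    int ok = fchmod(fd, mode) == 0 && write(fd, token, len) == (ssize_t)len;
    if (close(fd) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

/* Audit check: 1 if any group/other permission bit is set (other local
 * processes may reach the token), 0 if owner-only, -1 if lstat fails. */
static int token_file_exposed(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? 1 : 0;
}

/* Returns 1 when the 0644 file is flagged and the 0600 file is not. */
int demo(void)
{
    const char *weak = "/tmp/bridge_token_weak.example";     /* hypothetical */
    const char *strict = "/tmp/bridge_token_strict.example"; /* hypothetical */
    unlink(weak);
    unlink(strict);
    int w = write_token(weak, "constructed-token", 0644);    /* the flaw */
    int s = write_token(strict, "constructed-token", 0600);  /* the fix  */
    int result = w == 0 && s == 0 && token_file_exposed(weak) == 1 &&
                 token_file_exposed(strict) == 0;
    unlink(weak);
    unlink(strict);
    return result;
}
int main(void) { return demo() ? 0 : 1; }
```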