A vulnerability in the BlackBerry Protect software built into Z10 smart phones could allow hackers to gain access to the passwords of some devices, according to a security advisory issued by BlackBerry

By taking advantage of “weak permissions” malicious applications will be able to:

  • Gain the device password if a remote password reset command had been issued through the BlackBerry Web site
  • Intercept and prevent the phone from acting on BlackBerry Protect commands, such as remote wipe
BlackBerry said the issue is with the BlackBerry Protect software and not the Z10’s operating system.

“The most severe potential impact of this vulnerability requires a BlackBerry Z10 smart phone user to install a specially crafted malicious app, enable BlackBerry Protect and reset the device password through BlackBerry Protect,” the advisory said.

With the device password and physical access to the phone, an attacker can:

• Access the functionality of the smartphone (including the BlackBerry Hub, apps, data, and the phone) by unlocking the smartphone.
• Unlock the work perimeter on a BlackBerry Z10 smartphone that has BlackBerry Balance technology enabled if the work perimeter password is the same as the device password.
• Access the smartphone over a USB tether with either BlackBerry Link or the computer’s file viewer, allowing access to the smartphone’s personal files, contacts, PIM data, and so on. The attacker could also access work perimeter content on BlackBerry Balance smartphones if the work perimeter is unlocked and access over a USB tether is allowed by a policy that the IT administrator sets.
• Enable development mode after accessing the smartphone over a USB tether, allowing remote access as a low privilege development user.
• Change the current device password, allowing the attacker to deny access to the legitimate user of the smartphone.
• Access any other local and enterprise services for which the legitimate user has used the same password as the smartphone’s password.

An attacker can also gain Wi-Fi access to the phone if the owner enables Wi-Fi storage access on the Z10 and sets a storage access password that is the same as the device password.

« »