Critical vulnerability in BlackBerry 10 OS
BlackBerry has released an advisory that describes a critical privilege/permissions vulnerability in BlackBerry 10 OS. This vulnerability only affects versions that came before 10.0.10.648. The vulnerability also only affects the BlackBerry Z10 as the keyboard model Q10 was delivered with BlackBerry 10.1 OS.
The exploit uses BlackBerry Protect, a service that allows users to manage their device without having to use the BlackBerry Enterprise Service (BES). Protect can use BES find lost devices, lock or delete them, and reset the password. It can also back up and restore data. Protect is off by default and must be activated by the user.
As well as needing Protect enabled, the user must still install a malicious app, which then compromises a Protect-component so that it can intercept a password reset. This password reset requires the user, or someone who knows the BlackBerry ID and password, to go to the web site of BlackBerry Protect and request the password. If the attacker manages that, then the Protect component, compromised by the earlier malicious app, can let the attacker know the new password for the device. If he has physical access to the device, he can now log on successfully as the actual user. Otherwise, the attacker can only access Wi-Fi file sharing if the actual user has activated it.
BlackBerry recommends that users update the device software to at least version 10.0.10.648. Z10 and Q10 versions of BlackBerry 10.1 OS and later are available from the provider and are delivered OTA (over the air) as an update.