BlackBerry urges users to disable JavaScript, halt browser in wake of flaws



Ryan Cloutier, Contributor

Research In Motion (RIM) is urging customers who use the popular BlackBerry handset to disable JavaScript in their mobile Web browsers.

RIM's concern stems from the exploitation of a vulnerability in the open source WebKit browser, which recently debuted at Mobile World Congress in Barcelona, and was exploited in a hacking contest at CanSecWest's Pwn2Own competition in Vancouver, B.C. The team of three (two of whom took last year's competition by breaking into the iPhone) used a browser exploit in conjunction with another vulnerability to steal the phone's contact list and image database, as well as gain remote code execution.

The exploit can also allow access to data stored on a user's media card; however, it cannot grant access to email or calendar data.

The flaw is not within JavaScript itself, but exploiting the vulnerability requires JavaScript. The flaw affects BlackBerry Device Software version 6.0 and later. At the time the advisory was posted, RIM was unaware of any active attacks targeting the vulnerability outside of a test environment.

As a secondary option to disabling JavaScript, RIM suggests disabling the BlackBerry browser.

The phone, a BlackBerry Torch 9800, fell on the same day as Apple's iPhone 4. Both phones were hacked as part of Pwn2Own, a hacking competition held by Austin-based HP subsidiary TippingPoint DVLabs. These two phones, along with many full-fledged browsers and operating systems, fell at Pwn2Own. No one attempted to breach Mozilla Firefox, a Samsung Nexus S running Android 2.3, a Dell Venue Pro running Windows Phone 7 or Google Chrome.