We told you yesterday about a group of Dutch security researchers from Certified Secure who hacked the iPhone 4S and IOS. They used a WebKit exploit by stringing along a zero day vulnerability along with a few other techniques to access the address book, contacts, photos, videos, and browsing history of any user who visited the website. This exploit worked in iOS 5 and the iOS 6 Gold Master beta and also works on the iPad, iPod Touch, and iPhone 4. These same security researchers then went on to say that BlackBerry devices are much easier security targets than the iPhone or even Android.
I doubted their claims due to lack of any proof but decided to reach out to Adrian Stone, RIM’s Director of BlackBerry Security Response, for a statement. Here is the official statement we received:
“Mobile Pwn2Own provides a safe environment for researchers to demonstrate their work and a valuable opportunity to collaborate with the security community. RIM products are designed, manufactured and supported by a robust security architecture that helps protect our customers and their information. By using a multi-layered approach to security, the BlackBerry platform offers customers industry-leading, third-party certifications, advanced encryption, 24/7 security response team and unparalleled enterprise management capabilities. As the mobile threat landscape evolves, our unwavering commitment to end-to-end security and innovative research will ensure we continue to provide the unique level of protection our customers have come to rely upon.”
While it is not a resounding “no the BlackBerry browser is secure” it goes to show that RIM is actively engaging security researchers. They even sponsored the Pwn2Own event that led to this hack being unveiled. RIM has been bitten by WebKit open source browser vulnerabilities in the past so it could be that we will see OS updates rolling out for it shortly. Either way I am very curious to see what security features RIM is baking into BlackBerry 10 to ensure they are ready for the next 10 years of threats.