Seeking Alpha

KIA Investment ...'s  Instablog

KIA Investment Research
A little bit about me: I hold two US issued software patents and one issued internationally. I have 3+ decades experience as a software architect and 14 years as an intellectual property researcher. I've delivered 1/2 a dozen shrink-wrap retail software packages to market and spent 3 years at... More
  • BlackBerry 10.2.1 Android Runtime BES Security Flaw Discovered
    Feb 21, 2014 8:13 PM | about stocks: BBRY

    BlackBerry 10.2.1 recently began rolling out to users worldwide. The Android runtime, which allows you to install Android APKs directly, looks to have a security flaw.

    Frank Büttner from the ABS Team GmbH has found that even while having a BES policy in place to block his business contacts, his installed Android apps such as Skype and Go Launcher EX were able to pull his BES contacts.

    You can toggle the availability of this information with the "Personal Apps Access to Work Contacts" policy. There are three options for allowing apps access to your BES contact info: All, Only BlackBerry Apps, or None.

    However, as Büttner found, no matter which policy is set, the Android apps still have access to the work contacts. This is interesting in itself, as Android apps are not allowed on the work side of BlackBerry 10; only native apps are.

    BlackBerry is now aware of the security flaw and has issued the following official statement to us:

    "We have investigated an issue in the Android player involving specific app permissions, which will be addressed in a forthcoming software update."

    BlackBerry will be at the mercy of the carriers to swiftly roll out an update. If you're running Android apps that gain access to your contacts, beware.

    Courtesy N4BB

    Read the full story here:

    So much for BlackBerry's superior security.

    A closing thought: Wasn't there an argument a while back that said the DoD wouldn't care about Android apps on a BB10 device since they were sandboxed in the 'personal' work space?

    I would guess that at a minimum the DoD would now require disabling the whole Android runtime environment if these devices are to ever get any sort of government or military use.

    Disclosure: I am short BBRY.

    Themes: mobile, security Stocks: BBRY

Instablogs are blogs which are instantly set up and networked within the Seeking Alpha community. Instablog posts are not selected, edited or screened by Seeking Alpha editors, in contrast to contributors' articles.

Comments (7)
  • KIA Investment Research
    , contributor
    Author’s reply » Here is the link to the German security document
    21 Feb 2014, 08:42 PM
  • LYogi
    , contributor
    10.3 is on its way to rectify this. Once that then what: BB10 will be fully secure?

    We forget that time is not static and that issues that are found will be fixed.

    And then the platform becomes stronger.

    Don't forget that the platform has only been out for a year and the difference between 10.1 and 10.2.1 is of magnitudes!!
    21 Feb 2014, 08:44 PM
  • KIA Investment Research
    , contributor
    Author’s reply » But remember when a flaw was found in KNOX? According to BlackBerry longs that flaw spelled absolute doom for KNOX.

    Not so for BlackBerry eh?

    The bottom line is BlackBerry is not secure.
    If a bug was found in the first few weeks of 10.2.1's release, expect more to follow.

    Your work contacts compromised by billy-bob's flashlight app? lol. This is a doozy by the way, an absolute doozy.
    21 Feb 2014, 08:51 PM
  • LYogi
    , contributor
    whatever BB's flaw it pales in comparison to this:

    Apple is in big trouble but then again, us BBRY longs have known that for some time ;)
    21 Feb 2014, 09:06 PM
  • KIA Investment Research
    , contributor
    Author’s reply » Keep redirecting LYogi :P
    21 Feb 2014, 10:32 PM
  • Ziffster
    , contributor
    The original article doesn't provide much insight into exactly what info is shared. If all that is shared is the contact list, that is less of a concern than if the shared info includes data such as access to information like calendar. I have to agree it is a bit of a shiner either way.

    Although concerning, it would not be surprising if it doesn't get addressed before 10.3 since it is only a short time away. Problem with simply coming out with a patch is that service providers would need to cooperate to actually deploy the patch.
    24 Feb 2014, 12:58 PM
  • KIA Investment Research
    , contributor
    Author’s reply » Ziff, IMHO the Personal partition accessing data in the Work Partition is as bad as or worse than the actual data (in this case the Contact list) accessed.

    It shows that there is no hardware separation between the two and that the software separation is squishy with some holes in it.

    Hackers will likely take this knowledge and start poking around in the way suggested by this particular flaw to see what other access can be exploited.
    24 Feb 2014, 02:21 PM