RIM Advises BlackBerry Users to Disable JavaScript

Thursday, March 17, 2011



RIM has issued an advisory to BlackBerry users encouraging them to disable JavaScript in the BlackBerry Browser to avoid attacks exploiting a vulnerability demonstrated during the recent Pwn2Own hacking competition at CanSecWest.

The vulnerability would allow attackers to execute code remotely as well as access sensitive data on the victim's device.

Although JavaScript is not the source of the vulnerability, JavaScript code is necessary to carry out the exploit, so disabling JavaScript in the browser will prevent a successful attack.

The advisory states:

Research In Motion is aware of recent reports of a vulnerability affecting the implementation of open source WebKit technology in the BlackBerry Browser in BlackBerry Device Software version 6.0 and later.

This security notice communicates the following key facts:

  • The exploitation of the vulnerability was performed at the Pwn2Own 2011 Contest and is publicly known.
  • At the time of release of this security notice, the BlackBerry Security Incident Response Team has not received any reports that this vulnerability has been successfully exploited on a BlackBerry smartphone outside of a test environment or has resulted in any impact to BlackBerry customers.
  • A successful exploit could allow the attacker to use the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not to access user data that the email, calendar and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone.

The attack uses a Return Oriented Programming (ROP) exploit, capitalizing on the BlackBerry platform's lack of Address Space Layout Randomization (ASLR), the mitigation that would otherwise prevent an attacker from reusing fragments of existing code to execute an exploit.

"ROP works by reusing existing code. By piecing together small code fragments already in memory, the attacker can do whatever they want, with enough time and patience. However, for ROP to work, the attacker needs to know the location of the executable code in memory. ASLR makes it impossible to do ROP in the absence of some additional vulnerability. The attacker cannot predict where the code fragments they want to reuse are located," says four-time Pwn2Own winner Dr. Charlie Miller, who won again this year for successfully hacking the iPhone.
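The point Miller makes is that ASLR only helps if the platform randomizes where code is loaded, and on systems that do support it a binary still has to be built to allow relocation. The following check is an added example, not code from the article, RIM, or the BlackBerry platform: it reads the ELF header of a Linux binary (BlackBerry devices use a different format; ELF is assumed here because it is what most defenders can inspect) and reports whether the main image is position-independent (`ET_DYN`, so the loader can place it at a random base) or linked at a fixed address (`ET_EXEC`, which ASLR cannot move). A helper that reads the kernel's `randomize_va_space` setting is included for Linux hosts; the sample headers are constructed inline so the script runs offline.

```python
import os
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2  # fixed load address: ASLR cannot relocate the main image
ET_DYN = 3   # position-independent executable or shared object: relocatable


def elf_type(data: bytes):
    """Return the e_type field of an ELF header, or None if the bytes are not ELF.

    Only the first 18 bytes are needed: 16 bytes of e_ident followed by e_type.
    EI_DATA (byte 5) tells us the byte order used for the multi-byte fields.
    """
    if len(data) < 18 or data[:4] != ELF_MAGIC:
        return None
    ei_data = data[5]
    if ei_data == 1:
        endian = "<"  # ELFDATA2LSB, little-endian
    elif ei_data == 2:
        endian = ">"  # ELFDATA2MSB, big-endian
    else:
        return None
    (e_type,) = struct.unpack(endian + "H", data[16:18])
    return e_type


def classify_aslr_support(data: bytes) -> str:
    """Classify an image by whether the loader could randomize its base address."""
    e_type = elf_type(data)
    if e_type is None:
        return "not-elf"
    if e_type == ET_EXEC:
        return "fixed-address"   # ASLR does not apply to this image
    if e_type == ET_DYN:
        return "relocatable"     # eligible for ASLR if the OS enables it
    return "other"               # ET_REL object files, core dumps, etc.


def system_aslr_level(path: str = "/proc/sys/kernel/randomize_va_space"):
    """Return the Linux ASLR level (0 = off, 1 = partial, 2 = full) or None elsewhere."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def make_elf_header(e_type: int, bits: int = 64, little: bool = True) -> bytes:
    """Build a minimal, constructed ELF header for testing; not a real binary."""
    e_ident = ELF_MAGIC + bytes([2 if bits == 64 else 1, 1 if little else 2, 1, 0, 0]) + b"\x00" * 7
    endian = "<" if little else ">"
    # e_type, e_machine (0 = EM_NONE); the remaining header fields are zero padding.
    header = e_ident + struct.pack(endian + "HH", e_type, 0)
    return header.ljust(64 if bits == 64 else 52, b"\x00")


def check_file(path: str) -> str:
    """Classify a real binary on disk by reading only its header."""
    with open(path, "rb") as f:
        return classify_aslr_support(f.read(64))


if __name__ == "__main__":
    for label, sample in (("pie", make_elf_header(ET_DYN)),
                          ("fixed", make_elf_header(ET_EXEC)),
                          ("dos-stub", b"MZ" + b"\x00" * 62)):
        print(f"{label:9s} -> {classify_aslr_support(sample)}")
    print("host ASLR level:", system_aslr_level())
```

A `fixed-address` result means the lack of randomization Miller describes applies to that program regardless of the host setting; `relocatable` only helps when `system_aslr_level()` is non-zero. `check_file` can be pointed at any binary on a Linux host to run the same test on real input.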

Also of concern for RIM, a Zeus Trojan built specifically to run on the BlackBerry operating system has recently been detected by researchers at Trend Micro.

The malware gives the attacker remote access to infected BlackBerry devices; once in control, the attacker can change the default SMS message number, add a new device administrator, control blocked-call lists, and turn the device on and off.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
