Mobile WorkHorse

By Al Sacco
About this Blog:

Al Sacco writes about (and drools over) anything and everything mobile or wireless as it applies to the global workforce--with a focus on BlackBerry smartphones

| See Al's Posts
Al Sacco

BlackBerry Security: RIM Tells Users, Admins to Disable Webkit Browser JavaScript

BlackBerry users running the BlackBerry 6 OS should disable browser JavaScript to avoid a potential security issue, RIM says.

Posted March 16, 2011 to Mobile/Wireless |
. What's this?

On the heels of news that "white hat" hackers had identified and exploited a flaw in RIM's BlackBerry 6 Webkit browser at the annual Pwn2Own hacking contest in Vancouver, B.C., BlackBerry-maker Research In Motion (RIM) has issued a security advisory instructing BlackBerry users with smartphones running the company's BlackBerry 6 OS, as well as BlackBerry Enterprise Server (BES) administrators supporting BlackBerry 6 devices, to disable the BlackBerry Webkit browser's JavaScript functionality.


BlackBerry 6 Webkit Browser Options Screen
BlackBerry 6 Webkit Browser Options Screen

This is the first year a Pwn2Own participant was able to "crack" RIM's BlackBerry OS, which is typically considered the most secure mobile OS. Hackers Vincenzo Iozzo, Willem Pinckaers and Ralf Philipp Weinmann gained access to all contact information and the device image-database on a BlackBerry Torch running RIM's BlackBerry OS 6.0.0.246, via RIM's WebKit browser, which is only found in the company's BlackBerry 6 OS and not previous software versions, according to ZDNet.com.

In other words, the flaw only affects users running RIM's BlackBerry 6 OS and later, and other BlackBerry owners with earlier device software need not worry about the flaw.

On Monday, RIM released an official response to the news from Pwn2Own, issuing a security advisory that calls for all BlackBerry 6 users and administrators to disable the JavaScript function in their BlackBerry 6 Webkit browser, until RIM can release a software fix.

RIM says its BlackBerry Security Incident Response Team has not received any reports that the browser flaw has been successfully exploited on a BlackBerry smartphone outside of a test environment or has resulted in any impact to BlackBerry customers, but it's still a good idea to disable JavaScript just in case, especially since the exploit is now getting so much mainstream attention.

To disable your Webkit Browser JavaScript, simple open your BlackBerry Browser, hit your BlackBerry Menu key, choose Options and then uncheck the box next to "Enable JavaScript," under the Web Content section. Save your changes and you're good to go.

BES admins can disable their BlackBerry 6 users' JavaScript in one fell swoop by employing the BES "Disable JavaScript in Browser" IT policy rule, or they can turn off the BlackBerry Browser all together via a similar IT policy, according to RIM.

Additional information on the flaw, along with RIM's suggested workarounds, can be found on the BlackBerry Technical Solution Center site.

AS


Al Sacco covers Mobile and Wireless for CIO.com. Follow Al on Twitter @ASacco. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Al at asacco@cio.com

Print
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?

Browse CIO Blogs

See all CIO Blogs »

White Papers »
IT Management in the Cloud
Cloud computing has emerged as one of the most significant game changers to hit the technology landscape in the past 20 years. With this massive expansion of the cloud, the perception of the IT organization is shifting from a utility player to a change agent. This eBook breaks down five ways progressive organizations are using cloud-based IT Management solutions to help drive innovation and become more strategic, including: adding visibility and analytics, speeding up time-to-value, lowering costs, improving prioritization, and providing a blueprint for future cloud deployments.
Citigroup Transforms Application Development with an IBM Cloud Solution
Read the white paper to see how IBM helped Citigroup deliver new services and enhancements to their 200 million customers faster.
Extending the Value of Legacy Applications
There are 3 ways to modernize legacy applications: rewrite completely, acquire packaged solutions or migrate existing code. This paper explains why it's best to migrate and how IBM® Rational® software can help.
The Hybrid Computing Proposition
Accommodating specific lines of business can result in a hybrid ecosystem of applications and servers. The resulting complexity of this architecture makes for an environment that is costly to maintain and difficult to change when addressing new challenges.
Picking a Sensible Mobile Password Policy
This whitepaper will help you to define a mobile device passcode policy. Security managers must attempt to reconcile two opposing goals. They must: 1) create a passcode policy that is strong enough to protect the device if it is lost or stolen, while: 2) not annoying users with needless length or complexity.
Why You Should Consider Cloud-Based Email Archiving
This whitepaper, authored by The Radicati Group, looks at the key reasons organizations should consider moving to a cloud-based archiving solution. Email archiving solutions enable organizations to store, monitor, and collect electronic data exchanged by their users to comply with internal policies and regulations.
Webcasts »
Does Your IT Initiative Require Real End User Experience Monitoring?
ATERNITY will showcase a 30-minute demo on how Fortune 500 companies are leveraging its award-winning FPI Platform to deliver a user-centric approach to Proactive IT Management.
IPv6 is Coming...Are you Ready?
For businesses to move forward and tap into the ever-expanding universe of Internet users and network-enabled devices, it's critical to learn how to make the transition to IPv6. Learn the critical steps your organization must take to make a seamless transition-and keep your business world connected.
Spear Phishing and the Modern Cyber Attack
Learn how IT teams can protect against spear phishing tactics. Harry Sverdlove, chief technology officer of Bit9 offers a frank discussion about spear phishing - the most common technique used in today's advanced attacks.
The Business Case for Migrating to Red Hat Enterprise Linux
Learn how to build a solid business case for your migration to Red Hat Enterprise Linux so you can run leaner, innovate faster, be more flexible and own the New Now.
Social Media: The Impact on the Multichannel Contact Center and Your Customers
Social media isn't about you; it's about everything around you. As you consider how your customers want to communicate with you, social media is something that can't be ignored. But what should your strategy be? Is social media "just another channel?" What kind of a plan makes sense for your contact center and for your customers? Join our experts as they share their insight and research results.
Advanced Authentication Methods: Software vs Hardware
Hardware tokens were a popular method of strong authentication in past years but the cumbersome provisioning and distribution tasks, high support requirements and replacement costs have limited their growth. The additional log-in steps that hardware tokens require and the resulting user frustrations have limited adoption and make them impractical for larger scale partner and customer applications.

Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy