RIM Patches BlackBerry Null Character Exploit

Dennis Faas's picture

It's not often you hear about smartphones being infiltrated by hackers using phishing schemes, but a recent Research in Motion security fix is designed to prevent just that kind of issue.

The Waterloo, Ontario-based Research in Motion, which produces the extremely popular BlackBerry smartphone, late last week issued a patch for a reported vulnerability which left many of its users susceptible to attack by phishing hackers.

According to reports, the flaw could allow a remote hacker to fool a BlackBerry owner into visiting a malicious website with their handheld multimedia device. A BlackBerry user duped by the scheme would find themselves at what might appear to be a legitimate site, but is in fact designed to soak up visitor login and password data for malicious purposes. (Source: itproportal.com)

Malicious Null Character Exploit

As late as last week, Research in Motion had failed to protect the BlackBerry against null character exploits. This software oversight was eventually picked up by hackers, who could build web pages with null characters in a field of the site's certificate in order to fool the BlackBerry's (apparently far from perfect) security software.

Although users would usually receive a warning if a site's certificate was questionable, the null characters prevented the BlackBerry's security software from detecting the problem. (Source: v3.co.uk)
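The reports do not say how the BlackBerry software processed the field. As an added illustration of the general null character problem (not RIM's code), the C example below shows a name check that reads a certificate field as a C string and stops at the first null byte, next to a length-aware check that rejects it. The struct, function names and sample names are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name field is length-prefixed data, not a C string,
 * so it can carry 0x00 bytes. (Hypothetical type for this example.) */
struct cert_name { const unsigned char *data; size_t len; };

/* Naive check: treats the field as a C string, so the comparison stops
 * at the first NUL and everything after it is silently ignored.
 * Assumes the buffer has a trailing terminator, as the samples do. */
int naive_name_matches(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Hardened check: refuse any embedded NUL, then compare over the
 * field's real length so no bytes are skipped. */
int strict_name_matches(const struct cert_name *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                      /* malformed name: do not trust */
    if (cn->len != strlen(host))
        return 0;
    return strncasecmp((const char *)cn->data, host, cn->len) == 0;
}

/* Constructed sample fields (not taken from any real certificate). */
static const unsigned char nul_bytes[]   = "www.example.com\0.untrusted.test";
static const unsigned char clean_bytes[] = "www.example.com";
static const struct cert_name nul_name   = { nul_bytes,   sizeof nul_bytes - 1 };
static const struct cert_name clean_name = { clean_bytes, sizeof clean_bytes - 1 };

int main(void)
{
    const char *host = "www.example.com";
    printf("field with NUL, naive:  %d\n", naive_name_matches(&nul_name, host));
    printf("field with NUL, strict: %d\n", strict_name_matches(&nul_name, host));
    printf("clean field,    strict: %d\n", strict_name_matches(&clean_name, host));
    return 0;
}
```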

RIM: Apply Fix, Vigilance, Common Sense

Research in Motion is encouraging all of its BlackBerry users to immediately download and apply the fix, and to be extra careful when clicking on links forwarded by questionable parties through instant messaging or the device's popular push email function.

Although all smartphone users are encouraged to follow this most basic security advice, those using BlackBerry software versions 4.5 through 4.7 should download and apply RIM's new patch. The vulnerability has not been found in BlackBerry Desktop software or server packages.
