SECURITY RESEARCHERS have discovered a flaw in Research in Motion's (RIM) Blackberry Playbook Bridge software that allows data to be intercepted.
Ben Nell and Zach Lanier, consultants at mobile security firm Intrepidus Group, have found that an attacker can gain access to the Bridge connection and steal email along with other data. They announced their findings at the Infiltrate conference yesterday, according to Threatpost.com.
An authentication token sent between a Blackberry smartphone and a Blackberry Playbook is stored in a readable location, where an attacker can access it by using a malicious app. Grabbing this token gives the attacker remote access to the Playbook's files.
"While the bridge is active, the token is in a place that is essentially world readable. The .all file being in a place that is world readable is the thing that causes the problem with the Bridge sessions," said Lanier.
Blackberry Bridge involves a Playbook tablet communicating wirelessly with a Blackberry smartphone via a Bluetooth connection. It is touted as a big selling point for the tablet.
At this year's Consumer Electronics Show (CES) in Las Vegas, RIM announced new versions of its operating systems, Blackberry 7.1 and Blackberry Playbook 2.0. RIM has told The INQUIRER that these versions will fix the problem.
RIM said, "The Blackberry Playbook issue described at the Infiltrate security conference has been resolved with Blackberry Playbook OS 2.0, which is scheduled to be available as a free download to customers in February 2012."
"There are no known exploits and risk is mitigated by the fact that a user would need to install and run a malicious application after initiating a Blackberry Bridge connection with their Blackberry smartphone."