Security glitch found on BES; protected business contacts can be viewed using Android apps

Security glitch found on BES; protected business contacts can be viewed using Android apps
A security breach has been found in BES. The report, out of Germany, says that it was discovered that certain Android apps running on a BlackBerry device powered by the recently released BlackBerry 10.2.1, and plugged into BES, could access secured business contacts using Android apps like Skype. That is not supposed to happen, obviously, as Android Runtime enabled apps are not supposed to be in the work partition.

BlackBerry is not only aware of the problem, it has already fixed it. The repair is part of an update that is all set to be pushed out to BlackBerry 10 users. All that is required is approval from the carriers so that the update can be distributed. So far, BlackBerry 10.2.1, which features an improved Android Runtime, has been sent out to some users of the BlackBerry Z10 'all-touch' handset.

Certain business apps in BlackBerry 10 are protected to the point that incoming calls received while the corporate workspace is closed, will not show the caller's name on the screen. Being able to access this protected list of contacts through an Android app is an opening that needs to be shut. Security is the one feature that BlackBerry has left to sell to the the enterprise and to consumers who are increasingly worried about such things in the wake of the revelations involving the NSA.

Thanks, Anonymous Tipster!

source: Heise (translated)


Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless