
Most RIM Devices Suffer From BlackBerry Browser Bug

September 30, 2009 by Robb Dunewood

Research in Motion posted a knowledge base article yesterday detailing a BlackBerry Browser bug that leaves many BlackBerry devices vulnerable to phishing attacks. The bug appears to stem from the way the BlackBerry Browser handles server certificates whose names contain null characters.

BlackBerry Browser dialog box does not clearly indicate mismatches between web site domain names and associated certificates

From RIM’s Knowledge Base:

Problem

A malicious user could create a web site that includes a certificate that is purposely altered using null (hidden) characters in the certificate’s Common Name (CN) field or otherwise manipulated to deceive a BlackBerry device user into believing they have connected to a trusted web site.

If the malicious user then performs a phishing-style attack by sending the BlackBerry device user a link to the web site in an SMS or email message that appears to be from a trusted source, and the BlackBerry device user chooses to access that site, the BlackBerry Browser will correctly detect the mismatch between the certificate and the domain name and display a dialog box that prompts the user to close the connection. However, the dialog box does not display null characters, so the user may believe they are connecting to a trusted site and disregard the recommended action to close the connection.


The following screenshot shows an example of a BlackBerry Browser dialog box that does not clearly indicate that there is a mismatch between the web server address and its associated certificate:

[Screenshot: BlackBerry Browser Bug]

RIM says that you can resolve this vulnerability by updating your BlackBerry OS, and they have released said updates to carriers. The only problem is that most carriers have not officially released these new OS updates. In the meantime, just be wary of sites where the above dialog box pops up…
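The display problem described in the knowledge base article, shown as an added example (not code from RIM or from the original post): a certificate name is rendered for a warning dialog with every control character escaped, and is compared in full against the requested host. The function names, the constructed sample CN and the exact-match comparison (no wildcard handling) are assumptions made for illustration.

```python
import unicodedata


def render_name(raw: bytes) -> str:
    """Return the name with every control/format character escaped, so a
    dialog built from it cannot hide part of the string from the user."""
    text = raw.decode("utf-8", errors="backslashreplace")
    return "".join(
        f"\\u{ord(ch):04x}" if unicodedata.category(ch).startswith("C") else ch
        for ch in text
    )


def check_certificate_name(cn: bytes, requested_host: str) -> dict:
    """Compare the whole CN (never just the part before a NUL) with the
    requested host and report what a warning dialog should display."""
    text = cn.decode("utf-8", errors="backslashreplace")
    shown = render_name(cn)
    hidden = shown != text  # True if anything had to be escaped
    return {
        "display_name": shown,
        "hidden_characters": hidden,
        # A name carrying hidden characters is never accepted as a match.
        "matches": not hidden and text.lower() == requested_host.lower(),
    }


# Constructed sample: a CN with an embedded null character.
SAMPLE_CN = b"www.trusted.example\x00.attacker.example"

if __name__ == "__main__":
    print(check_certificate_name(SAMPLE_CN, "www.trusted.example"))
```

With the null shown as `\u0000`, the warning dialog exposes the full certificate name instead of only the trusted-looking prefix.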

[Via CIO]
