RIM urges BlackBerry users to turn off JavaScript

A vulnerability could allow a hacker to access a device's user data through the BlackBerry Browser

Research in Motion is recommending that IT departments and users disable JavaScript on their BlackBerry devices, citing a vulnerability unearthed at this year's Pwn2Own hacker challenge.

According to RIM, the vulnerability could allow a hacker to access a device's user data through the BlackBerry Browser if the user visits a "maliciously designed" website. The vulnerability only affects devices that have BlackBerry OS 6 installed, since it can only be exploited in devices that utilize the WebKit browser engine. RIM first started remaking its browser for BlackBerry OS 6 in 2009, when it purchased open source Web browser developer Torch Mobile, whose flagship Iris Browser is based on the open source Webkit browser engine. Any BlackBerry devices that contain older versions of the BlackBerry operating system will not be impacted.

[ Learn how to manage iPhones, Androids, BlackBerrys, and other smartphones in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. | Keep up on key mobile developments and insights via Twitter and with the Mobile Edge blog and Mobilize newsletter. ]

RIM may rip a page from Google for PlayBook

RIM says the vulnerability will only allow hackers to gain access to data stored on devices' media cards and built-in media storage and that it will not give hackers access to data on the application storage portion of the phone, such as user data stored by email, calendar, and contact applications. So far, RIM says it has seen no actual cases of anyone exploiting this vulnerability outside of a test environment.

RIM is providing IT departments with guidelines to disable JavaScript on several BlackBerry devices, including the Torch 9800, the Bold 9700 and the Curve 9300. If this fails, RIM recommends disabling the BlackBerry Browser on devices altogether until the vulnerability can be patched.

While RIM has traditionally made its name by providing airtight security to enterprise users, it has been forced in recent years by the success of Apple's iPhone and Google's open source Android operating system to allow more open source and third-party applications onto its devices. In addition to its use of the open-source WebKit browser engine, RIM is also reportedly weighing whether to let its upcoming PlayBook tablet run applications designed for the Android platform.

Mobile applications have become an increasingly popular feature of smartphones over the past couple of years, especially with the high-profile launches of application shopping centers such as Apple's App Store and Google's Android Market. The most recent survey data from research firm ChangeWave shows that 14 percent of smartphone users said that applications were what they liked best about new smartphones, followed by ease of use (12 percent) and Internet access (12 percent). Corporate e mail access, which has long been RIM's bread-and-butter application, was considered the most important feature by 10 percent of users, the survey showed.

Read more about anti-malware in Network World's Anti-malware section

This story, "RIM urges BlackBerry users to turn off JavaScript" was originally published by NetworkWorld.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies