- Blocking root access, the level of access that lets a user or hacker gain administrative control of the OS.
- Memory randomization, which in effect scrambles where in memory routines may run, making it harder for these to be leveraged by attackers.
- Adding security management, including auditing, to the kernel.
It's a work in progress. Code to jailbreak or root the QNX-based PlayBook OS (so you can load apps apart from BlackBerry App World) is available from DingleBerry.it, whose Version 3.3 was a big step up in simplicity and ease of use. A 4.0 version is in development. The PlayBooks will eventually run BlackBerry 10, so if blocking root access is a priority for RIM, then they may be harder to jailbreak with the release of the new OS.
One advance to protect data is already present in the PlayBook OS and will be a key part of BlackBerry 10, according to Totzke. BlackBerry Balance creates separate and secure work and personal "perimeters" at the data level. Corporate apps and data are encrypted in the work perimeter, and they can't be transferred or copied to the personal perimeter. (Encryption for personal data will be available in the next release of the PlayBook OS, he says.)
"But I [as the user] don't have to think about this separation," says Totzke. "There's a unified presentation to the data [in the user interface], but under the covers, the system separates the data." There is only one email system and UI, for example, on the device, but work and personal emails are kept separate by the underlying system.
Neutrino's microkernel architecture keeps an essential set of services in the core, but drivers, applications, protocol stacks, and the file system run outside the microkernel, effectively sandboxed in what's called memory-protected user space. This means that almost any of these external components can fail and be replaced and restarted without affecting other components or the kernel itself, according to QNX. Presumably malware designed to compromise the kernel likewise will be isolated in these protected spaces.
Another layer of protection lies in QNX Neutrino conforming to the Posix standard, which specifies an API, and some shells and interfaces, for software compatibility between Posix-compliant operating systems. "A Posix API prevents the use of proprietary interfaces with the potential for insecure behavior and misunderstood results," among other benefits, according to the QNX website. The RTOS was designed from the outset for Posix support, an approach that eliminates the need for adding a "complex Posix adaptation layer" that some rival RTOSs require. The result is faster performance and lower memory requirements for applications, according to QNX.
Much of this security infrastructure will be invisible to users. But if mobile payment technologies actually find some traction, security, or at least the need for it, may become more pressing for users. RIM has been an enthusiastic adopter of near-field communications (NFC) in its BlackBerry smartphones, to support using them for contactless mobile payments. U.K.-based The Inquirer reported this week that RIM says it accounted for 80 percent of NFC phones shipped to U.K. retailers in the first quarter.
"I think that's where people want to go," says Totzke. "I sometimes forget my wallet, but I never forget my phone."
John Cox covers wireless networking and mobile computing for Network World.