BlackBerry has issued a security advisory for a critical bug affecting the Z10. However, the bug is not in the BlackBerry 10 operating system itself, but in the BlackBerry Protect service.
The critical bug could be used to gain access to the phone, either physically or over Wi-Fi. As Ars Technica points out, “A malicious application could take advantage of weak permission controls in BlackBerry Protect to reset the password on the Z10 or prevent the phone’s owner from remote-wiping it when the phone is lost. If an attacker has the phone in hand, the bug in Protect could be used to gain access to the phone’s functionality and the owner’s personal data; the bug and a malicious application could be used to expose the phone over Wi-Fi and allow a user to pilfer files from the device.”
BlackBerry 10 was the first mobile platform to be US government-approved with FIPS 140-2 certification. BlackBerry is apparently not too concerned about the immediate risks of the known vulnerability.
Exploiting the vulnerability would “…require a combination of a user installing a malicious application and then an attacker gaining access to the phone. The Wi-Fi attacks are only possible if the device’s owner has turned on Wi-Fi access.”