BlackBerry 10 is one of the most secure mobile operating systems available. However, a vulnerability exists in BlackBerry 10’s app store, BlackBerry World.

Fortunately, BlackBerry has already patched the bug, but the vulnerability still affects previous versions of the BlackBerry World app available for OS 10.2, 10.2.1 and 10.3.

BlackBerry 10 OS version   Affected BlackBerry World versions:
10.3.0   Versions earlier than
10.2.1   Versions earlier than
10.2.0   Versions earlier than


The vulnerability is a weakness in the integrity-checking system that verifies the apps a user downloads. An attacker who gains a man-in-the-middle (MITM) position between the user and the BlackBerry World servers could replace a legitimate download with a malicious app.

BlackBerry says in its Knowledge Base article that only the BlackBerry World app on BlackBerry 10 is susceptible to the vulnerability, and urges users to upgrade to the latest version if they haven’t already.

“A vulnerability exists in the BlackBerry World service’s download mechanism, which is used by the BlackBerry World app on affected BlackBerry 10 smartphones. BlackBerry World allows you to search for and download apps for your BlackBerry device. BlackBerry World employs application integrity checking and secure download methods to ensure that the correct app is downloaded and installed.

“In some cases, a weakness in these methods could allow an attacker, through a man-in-the-middle attack, to intercept a user’s BlackBerry World application download and, as a result, install malware on the device. Successful exploitation of this vulnerability could potentially result in an attacker gaining access to any data or settings that are accessible through the permissions that the user accepted when installing the malicious app.”

BlackBerry World communications with user devices are also now carried out over an SSL connection to further help mitigate a MITM attack. You can view your BlackBerry World app version by swiping from the top and selecting ‘Settings’; the version number is listed at the bottom. Any version above the aforementioned versions should be safe from the vulnerability.

Source: Threatpost