RIM Warns Of Security Vulnerability

Research In Motion, the maker of the popular BlackBerry line of handheld devices, has issued a security patch for the handhelds, warning that they are vulnerable to attacks by hackers. According to security experts, if this latest patch is not applied, there is a risk hackers could exploit the vulnerability and take over a company’s server. To date, no hacker has exploited the vulnerability.

As RIM put it, “Multiple security vulnerabilities exist in the PDF distiller of some released versions of the BlackBerry Attachment Service.” This vulnerability could cause memory corruption and could possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service.

In other words, the vulnerability could allow hackers to control servers running BlackBerry systems by sending emails with infected attachments in PDF format. If a user opens one of these infected attachments, the malicious code could attempt to install itself on the server at the company’s data center that runs its BlackBerry network. Hackers could then use that server to send spam or steal private data. The cost of such an attack would be great, likely much greater than the value of the BlackBerry device itself since it would affect the corporate network.

RIM issued patches to resolve similar issues in January. The company suggests that BlackBerry users should only open attachments from trusted sources. RIM also provides instructions on its website to prevent the BlackBerry Attachment Service from processing PDF files. For additional security, RIM suggests that companies can install the BlackBerry Attachment Service on a remote computer and then place that computer on its own network segment. This would help prevent the spread of potential attacks from the BlackBerry Attachment Service to another computer within a company’s network.

Problems such as these are not unique to RIM’s OS. It’s a constant battle between all technology companies and increasingly sophisticated hackers. Every time a vulnerability is discovered, there is always potential for a hacker to exploit it. In fact, many criminals rush to exploit a security flaw after it is publicized because it often takes weeks or months for users to learn of the problems and install the necessary patches to fix them. In addition, many companies delay installing the patches until they are able to verify that the patch won’t interfere with any of the other software on their devices and/or network.