Researchers find Blackberry Playbook flaw that allows email snooping

Jan 13, 2012

The Blackberry Playbook has been one of the bigger failures in the tablet realm. It's still trying to find success in the market, but is having a tough time. A pair of security researchers has found a flaw in the way the Playbook connects to a Blackberry smartphone to access corporate email. The flaw is in the Bridge application used to connect the tablet and smartphone.

The duo found that they can listen in on the Bluetooth connection between the devices. RIM left the security token needed to decrypt emails in a place where anyone who knows where to look can find it. Once they had their hands on that token, the researchers were able to access all the email and other information they wanted as a privileged user.

The key to the exploit was the discovery of the security token sitting there waiting to be found. The token sits in a location that is world-readable while the Playbook and smartphone are in a Bridge session. There are caveats to the attack, though. The Playbook has to be running an app that can access the token. A malicious app could also be installed on the tablet to open access to the token.

[via ThreatPost]

