Connect with us

BlackBerry Response to OpenSSL “FREAK” Vulnerability

Blackberry News

BlackBerry Response to OpenSSL “FREAK” Vulnerability

BlackBerry Canada

This security notice addresses the OpenSSL “FREAK” vulnerability that used to be disclosed on March 3, 2015. BlackBerry® is diligently running to look at the vulnerability and to decide how very best to mitigate consumer possibility. Investigations are nonetheless ongoing, however make sure that BlackBerry merchandise are impacted by way of this vulnerability. We will update this safety realize as new knowledge and fixes turn out to be to be had.

Who will have to learn this realize?

  • BlackBerry telephone customers
  • BBM for iOS, Android, and Windows Phone customers
  • BlackBerry Blend customers
  • BlackBerry Link customers
  • Secure Work Space for iOS and Android customers
  • IT directors who set up BlackBerry smartphones, BES12, BES10, BES5, or Secure Work Space for iOS or Android in an undertaking

More Information

Have any BlackBerry consumers been topic to an assault that exploits this vulnerability?
BlackBerry isn't acutely aware of any assaults concentrated on BlackBerry consumers the use of this vulnerability.

When will BlackBerry repair the BlackBerry merchandise suffering from the OpenSSL vulnerability?
For the ones merchandise which are affected, we're diligently running to decide the whole have an effect on of the problem and make sure the most productive means for shielding consumers.

When will BlackBerry supply extra updates approximately those problems?
BlackBerry would possibly supply additional updates as wanted at the same time as our ongoing research keeps. This realize can also be up to date as affected BlackBerry merchandise are fastened.

Where can O learn extra concerning the safety of BlackBerry merchandise and answers?
For additional info on BlackBerry safety, discuss with www.blackberry.com/security and www.blackberry.com/bbsirt. For additional info on security measures in BlackBerry 10 units, learn the BlackBerry Security Overview.

Affected Software

  • BlackBerry 10 OS (all variations)
  • BlackBerry 7.1 OS and in advance (all variations)
  • BES12 (all variations)
  • BES10 (all variations)
  • BES12 Client (iOS) (all variations)
  • Secure Work Space for BES10/BES12 (Android) (all variations)
  • Work Space Manager for BES10/BES12 (Android) (all variations)
  • Work Browser for BES10/BES12 (iOS) (all variations)
  • Work Connect for BES10/BES12 (iOS) (all variations)
  • BlackBerry Blend for BlackBerry 10, Android, iOS, Windows and Mac (all variations)
  • BlackBerry Link for Windows and Mac (all variations)
  • BBM on BlackBerry 10 and Windows Phone (all variations)
  • BBM on Android in advance than model 2.7.0.6
  • BBM on iOS in advance than model 2.7.0.32
  • BBM Protected on BlackBerry 10 and BlackBerry OS (all variations)
  • BBM Protected on Android in advance than model 2.7.0.6
  • BBM Protected on iOS in advance than model 2.7.0.32
  • BBM Meetings for BlackBerry 10, Android, iOS, and Windows Phone (all variations)

Non-Affected Software

  • BES5 (all variations)
  • BlackBerry Universal Device Service (all variations)
  • BES12 Client (Windows Phone) (all variations)
  • BES12 Client (Android) (all variations)
  • BBM on Android model 2.7.0.6 and later
  • BBM on iOS model 2.7.0.32 and later
  • BBM Protected on Android model 2.7.0.6 and later
  • BBM Protected on iOS model 2.7.0.32 and later

Are BlackBerry smartphones affected?

Yes

Vulnerability Information

BlackBerry is recently investigating the buyer have an effect on of the just lately introduced OpenSSL FREAK vulnerability. I listing of recognized affected and unaffected merchandise is equipped on this realize, and could also be up to date as we whole our research.

The OpenSSL Factoring assault on RSA-EXPORT Keys is a vulnerability within the OpenSSL implementation incorporated with affected BlackBerry merchandise. The in style OpenSSL cryptographic tool library is open-source tool used to safe consumer/server transactions.

This weak spot may just permit an attacker who's in a position to intercept and adjust encrypted SSL visitors to pressure a weaker cipher suite. This weaker cipher suite may well be damaged by way of a brute drive assault inside of a finite time. In order to make the most this vulnerability, an attacker will have to first whole a a success guy-in-the-center (MitM) assault. This factor used to be addressed in OpenSSL 1.0.1k and a restore is to be had for integration into affected BlackBerry merchandise. The vulnerability is distinct in CVE-2015-0204.

Further research into affected merchandise is ongoing, and BlackBerry is operating to decide the whole have an effect on of the problem and make sure the most productive way for shielding consumers. As fixes turn out to be to be had, this realize will probably be up to date.

Mitigations

Mitigations are present prerequisites that a attainable attacker would wish to triumph over to mount a a success assault or that may restrict the severity of an assault. Examples of such prerequisites come with default settings, not unusual configurations and common absolute best practices.

This factor is mitigated for all consumers via the prerequisite that the attacker will have to first whole a a success guy-in-the-center (MitM) assault so as to make the most the vulnerability. For BES12, BES10, Blend and Link, this will moreover require that the attacker compromise the intranet.

This factor is additional mitigated for patrons sending knowledge that may be encrypted ahead of being despatched over SSL; as an example, knowledge encrypted via O/MIME or PGP will nonetheless be safe.

<!--
#featuredbar
font: 1.3em Lucida Helvetica Sans Unicode,Arial,sans-serif;
font-weight:bolder;

#featuredbar atextual content-ornament:none;
#featuredbar a:hovertextual content-ornament:underline;colour: #006ACC;
.Berry
colour: #006ACC;

.Review
colour: #F89939;

.slogan
colour: #F00;

-->


Posted through Gareth for ©BerryReview |
BlackBerry Response to OpenSSL “FREAK” Vulnerability

Comments

More in Blackberry News

To Top