Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® OS Smartphones

Reply
Forums Advisor III
Posts: 1,391
Registered: ‎02-28-2009
My Device: Torch, Bold, Play Book, and Bluetooth HS-700
My Carrier: BELL

New Security Warning With Blackberry Phones and Tablet

 

Just this morning I picked up on this new warning that just came out...

 

This has to do with being able to run Android from what I have interpreted. 

 

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB30152

 

 

Jerry G. 

 

Jerry G.
Developer
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: New Security Warning With Blackberry Phones and Tablet

[ Edited ]

No, it affects non-Android as well.

As it says, "A successful attack could result in RCE in the context of the browser on a BlackBerry PlayBook using the BlackBerry PlayBook browser." That means that the exploit could get access to whatever the PlayBook browser has access to, which is probably the entire shared/ folder space, so it could read (or perhaps modify) any of your files there.

Likewise, it affects the browser inside the Android runtime, if you're using that browser to access the malicious website.

Note that, because of the "sandboxing" of apps within the OS, data that's inside other apps should be safe (unless one of those apps actually uses the QNXStageWebView component itself (many do) and allows you to visit the bad site, and you do so.)


Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
Forums Advisor III
Posts: 1,391
Registered: ‎02-28-2009
My Device: Torch, Bold, Play Book, and Bluetooth HS-700
My Carrier: BELL

Re: New Security Warning With Blackberry Phones and Tablet

[ Edited ]

People like myself who do sensitive tasks that are web based must be very careful. With our tablets, when outside of our office we are doing investment management, and other critical business tasks. The solid reputation for Blackberry security is the primary reason why we use only Blackberry phones and the tablet for mobile use.

 

I rarely do browsing of many different web pages without looking for something specific for investment, or industrial, or scientific information and services. Normally I am using the same groups and types of web pages. But, I am conserned from that warning notice.

 

I am wondering if there is a way to block Android applicaitions from loading on their own, or at least have a warning that something is trying to install itself with the option to block it, as like we get with Windows 7.

 

Jerry G.

 

 

Jerry G.
Developer
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10
My Carrier: none

Re: New Security Warning With Blackberry Phones and Tablet

Jerry, you needn't have any concern about Android apps, as long as you aren't using them anyway.

It should not be possible to use this exploit (at least by itself) to install an app, and in any case an app cannot be launched without you actually launching it. As the link you gave notes, this does not give "root" access to anything, and other than exposing your personal data (in the shared folders or in an app that gets exploited by this mechanism) there should be no real danger.

Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
Forums Advisor III
Posts: 1,391
Registered: ‎02-28-2009
My Device: Torch, Bold, Play Book, and Bluetooth HS-700
My Carrier: BELL

Re: New Security Warning With Blackberry Phones and Tablet

[ Edited ]

Thanks for the clarification. I re-read the article, and now with your explanation it's more clear to me.

 

Is possible that a malware type webpage can install something in to the Blackberry device without the user being aware?  Or, does any installation have to have the user approve it no matter what?

 

I also realize that if the user visits reputable sites there is extremely low chance of having any problems anyway...

 

Jerry G.

 

Jerry G.