HWZBB

The only BlackBerry community you will want to be in Singapore. Singapore BlackBerry users, unite!

HWZBB - The only BlackBerry community you will want to be in Singapore. Singapore BlackBerry users, unite!

BlackBerry Releases Quadrooter Security Patches

This morning, BlackBerry released a new update for the Android based devices, Priv and DTEK50. This update was a security patch for the Quadrooter vulnerabilities unveiled last week at DEF CON Conference. These high-severity vulnerabilities affects pretty much most of the devices running on Qualcomm processors and BlackBerry is the first vendor in the world to release the security patches for the devices.

There was a total of 4 vulnerabilities that have been announced by Check Point, hence the name Quadrooter. In short, QuadRooter uses the vulnerabilities in Qualcomm’s firmware drivers to get elevated (or extra) permissions on your device. For now, whilst there are not any cases being reported yet, the exploit itself is a little tad hard to execute to begin with – though when successfully performed, the access would be tremendous for the attacker.

First, one needs to have the factory security settings and manually install an app that has the QuadRooter exploit codes. However, devices these days, such as the BlackBerry Priv and DTEK50 already come with automatic scanning of the applications and would be able to warn users of the applications prior to installation. Furthermore, these 2 devices are also built with a secure boot process that verifies the system hasn’t been tampered with which effectively leaves only 3 out of the 4 vulnerabilities for the attackers to play with.

Hence, despite it being that hard to execute – requiring user interaction, because the exploit has been openly shared and disclosed, adversaries might attempt to use them. Hence, BlackBerry immediately began to develop, test and build a fix so as to rapidly patch them before anyone tries to manipulate it.

As the BlackBerry Chief Security Officer, David Kleidermacher says:

Some critical Android vulnerabilities – for example, one that can be easily and remotely exploited with a publicly disclosed method to execute ‘root’ privileged malware – simply can’t wait for a monthly update cycle.

Factory unlocked devices from BlackBerry directly should have started to receive the security patches this morning (about 1am) as we have highlighted on our FaceBook post, whist units from carriers will start to roll out within the week itself over the air.

Via BlackBerry Support KB

Category: News!

Your email address will not be published. Required fields are marked *

*

Please Verify That You Are Human * Time limit is exhausted. Please reload CAPTCHA.