BlackBerry products vulnerable to FREAK attack

Many versions of the BlackBerry operating systems and BlackBerry Enterprise Server are vulnerable to the FREAK SSL attack, according to a warning issued by the company.

The OpenSSL FREAK (Factoring Attack on RSA-Export Keys) vulnerability or CVE-2015-0204, which was reported March 3, is believed to have for years made iPhones, Mac OS X machines and Google Android devices vulnerable to hacking.

In a security advisory, BlackBerry confirmed that its products (software and smart phones) are also affected by the flaw. The company said it is investigating the vulnerability and is doing its best to mitigate customer risk. BlackBerry is not aware of any customers that may have been subjected to an attack that exploited the vulnerability.

BlackBerry said there are no workarounds to the vulnerability.

FREAK is a vulnerability in the OpenSSL implementation included with affected BlackBerry products. The popular OpenSSL cryptographic software library is open-source software used to secure client/server transactions.

The weakness could allow an attacker who is able to intercept and modify encrypted SSL traffic to force a weaker cipher suite. This weaker cipher suite could be broken by a brute force attack within a finite time. In order to exploit this vulnerability, an attacker must first complete a successful man-in-the-middle attack.

The affected BlackBerry software are:

  • BlackBerry 10 OS (all versions)
  • BlackBerry 7.1 OS and earlier (all versions)
  • BES12 (all versions)
  • BES10 (all versions)
  • BES12 Client (iOS) (all versions)
  • Secure Work Space for BES10/BES12 (Android) (all versions)
  • Work Space Manager for BES10/BES12 (Android) (all versions)
  • Work Browser for BES10/BES12 (iOS) (all versions)
  • Work Connect for BES10/BES12 (iOS) (all versions)
  • BlackBerry Blend for BlackBerry 10, Android, iOS, Windows and Mac (all versions)
  • BlackBerry Link for Windows and Mac (all versions)
  • BBM on BlackBerry 10 and Windows Phone (all versions)
  • BBM on Android earlier than version 2.7.0.6
  • BBM on iOS earlier than version 2.7.0.32
  • BBM Protected on BlackBerry 10 and BlackBerry OS (all versions)
  • BBM Protected on Android earlier than version 2.7.0.6
  • BBM Protected on iOS earlier than version 2.7.0.32
  • BBM Meetings for BlackBerry 10, Android, iOS, and Windows Phone (all versions)

Non-affected software are:

  • BES5 (all versions)
  • BlackBerry Universal Device Service (all versions)
  • BES12 Client (Windows Phone) (all versions)
  • BES12 Client (Android) (all versions)
  • BBM on Android version 2.7.0.6 and later
  • BBM on iOS version 2.7.0.32 and later
  • BBM Protected on Android version 2.7.0.6 and later
  • BBM Protected on iOS version 2.7.0.32 and later

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now