Critical security warning for Blackberry z10

BlackBerry said the issue is with the BlackBerry Protect software and not the Z10’s operating system.

With the device password and physical access to the phone, an attacker can:

• Access the functionality of the smartphone (including the BlackBerry Hub, apps, data, and the phone) by unlocking the smartphone.
• Unlock the work perimeter on a BlackBerry Z10 smartphone that has BlackBerry Balance technology enabled if the work perimeter password is the same as the device password.
• Access the smartphone over a USB tether with either BlackBerry Link or the computer’s file viewer, allowing access to the smartphone’s personal files, contacts, PIM data, and so on. The attacker could also access work perimeter content on BlackBerry Balance smartphones if the work perimeter is unlocked and access over a USB tether is allowed by a policy that the IT administrator sets.
• Enable development mode after accessing the smartphone over a USB tether, allowing remote access as a low privilege development user.
• Change the current device password, allowing the attacker to deny access to the legitimate user of the smartphone.
• Access any other local and enterprise services for which the legitimate user has used the same password as the smartphone’s password.

BlackBerry recommends that all users apply the available BlackBerry 10 OS version 10.0.10.648 software update to fully protect their BlackBerry Z10 smartphone.

The attacker cannot exploit this vulnerability without user interaction. To prevent exploitation of the vulnerability, do the following:

• The user must have downloaded and installed a malicious app that specifically targets this vulnerability. A BlackBerry smartphone prompts a user for permission to install any third-party software or to grant certain permissions to a third-party application.
• The user must enable BlackBerry Protect, which is not enabled by default.
• The user must have issued a password reset command through BlackBerry Protect website.