The risk is limited by multiple requirements

Oct 15, 2014 08:42 GMT

One of the most secure mobile operating systems still available on the market, BlackBerry, seems to be affected by a spoofing vulnerability through the BlackBerry World application.

According to the Canadian company, the vulnerability affects all BlackBerry 10 OS smartphones, but the risk for users is limited by two requirements that need to be met in order for someone to take advantage of it.

First of all, the BlackBerry 10 user has to connect to an “attacker-controlled network,” and then the user has to download an application via BlackBerry World.

It appears that, due to a vulnerability in BlackBerry World, an attacker on a compromised network is able to intercept a user’s application download or update request and replace the response from the server with a malicious file that the customer will unknowingly install on their own device.

This could potentially allow the attacker to gain access to any data or settings covered by the permissions that the BlackBerry 10 user previously granted to the application.

The good news is that BlackBerry has already managed to patch the vulnerability, and BlackBerry 10 users are urged to download a software update so they will be fully protected from this flaw.

BlackBerry confirms that the fix for this vulnerability has been included in various versions of the BlackBerry World application, so depending on which iteration of BlackBerry 10 powers your smartphone, you will have to download one version of the app or another.

For BlackBerry 10.3.0 users, the Canadian company has released BlackBerry World version 5.1.0.53 and later, while for BlackBerry 10.2.1 users a new BlackBerry World app 5.0.0.263 and later should be installed in order to be protected from said vulnerability.

Those who can't update should only download apps over trusted networks

Last but not least, BlackBerry 10.2.0 users should immediately download BlackBerry World version 5.0.0.262 so that they are safe while updating or installing new apps and games via the company’s official store.
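For anyone checking a fleet of BlackBerry 10 devices against the versions listed above, here is an added example (not BlackBerry's code): a Python check that compares each device's BlackBerry World build numerically against the fixed build for its OS branch. The inventory format, device names and OS build numbers are constructed, and the check assumes that any build later than 5.0.0.262 on the 10.2.0 branch is also fixed.

```python
import csv
import io

# Fixed BlackBerry World build per BlackBerry 10 OS branch, as listed in the article.
FIXED_BUILDS = {
    (10, 3, 0): (5, 1, 0, 53),
    (10, 2, 1): (5, 0, 0, 263),
    (10, 2, 0): (5, 0, 0, 262),
}

# Constructed sample inventory (hypothetical export format and device names).
SAMPLE_INVENTORY = """device,os_version,world_version
dev-01,10.3.0.908,5.1.0.53
dev-02,10.2.1.3247,5.0.0.262
dev-03,10.2.0.1803,5.0.0.262
dev-04,10.2.1.2977,5.0.0.1000
dev-05,10.1.0.4633,4.4.0.9
dev-06,10.3.0.1052,
"""

def parse_version(text):
    """Turn '5.0.0.263' into (5, 0, 0, 263) so builds compare numerically."""
    return tuple(int(part) for part in (text or "").strip().split("."))

def classify(os_version, world_version):
    """Return 'patched', 'vulnerable' or 'review' for one device."""
    try:
        os_branch = parse_version(os_version)[:3]
        installed = parse_version(world_version)
    except ValueError:
        return "review"  # missing or malformed version string
    fixed = FIXED_BUILDS.get(os_branch)
    if fixed is None:
        return "review"  # OS branch not covered by the article's list
    # Assumption: a build at or above the listed one carries the fix.
    return "patched" if installed >= fixed else "vulnerable"

def audit(inventory_csv):
    """Group device names by status for a CSV inventory."""
    report = {"patched": [], "vulnerable": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["os_version"], row["world_version"])
        report[status].append(row["device"])
    return report

if __name__ == "__main__":
    for status, devices in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(devices) or '-'}")
```

Build 5.0.0.262 counts as fixed on 10.2.0 but not on 10.2.1, and 5.0.0.1000 is newer than 5.0.0.263 even though a plain string comparison would say otherwise.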

Those who can’t update at this time for various reasons are offered a workaround that avoids exposure to this vulnerability. Basically, they will have to download or update apps only while connected to trusted networks if they want to be safe without installing the updated BlackBerry World app.

In addition, you should also pay attention to the application’s permission settings to grant or deny access to certain actions when you see fit.

Make sure you check your BlackBerry 10 smartphone for an update, which should appear in the Notifications section of the Hub. Additionally, you can manually download or update BlackBerry World by visiting www.mobile.blackberry.com from your smartphone.