Cybercriminal could gain access to sensitive files

Aug 13, 2014 15:40 GMT

A security problem in the BlackBerry Z10 phone has been repaired. Under certain circumstances, it allowed a potential attacker to gain access to data shared with another machine via WiFi without being required to authenticate.

According to the disclosure report from Modzero, the glitch could not be reproduced at all times, but it occurred in about one in ten attempts to share data via WiFi.

The issue was found to be exploitable remotely and was assigned the CVE-2014-2388 identifier. It was reported to BlackBerry on June 23, 2013, and the vendor repaired the vulnerabilities on April 2, 2014.

The disclosure has been made only now as the vendor wanted to ensure that the patch reached as many of its clients as possible.

The vulnerability report says that the severity of the bug is considered medium to high, as a potential attacker could leverage the flaw to distribute malware and access sensitive information.

Modzero, a company from Switzerland consulting on security-related issues, says that it shows two methods by which a cybercriminal could compromise the BlackBerry Z10 device. However, it seems that the bug is not reproducible at all times, and several attempts are required.

“The authentication by-pass results in read and write access to enabled shares. Thus, sensitive data may be accessed by unauthorized or malicious network clients or users. Since the share is also writable, attackers are able to distribute targeted malware to certain mobile-phone users,” reads the disclosure from Modzero.