BlackBerry plans Heartbleed patches as mobile threat scrutinized

BOSTON Mon Apr 14, 2014 10:54am IST

The BlackBerry logo is pictured at the BlackBerry campus in Waterloo September 23, 2013. REUTERS/Mark Blinch/Files

The BlackBerry logo is pictured at the BlackBerry campus in Waterloo September 23, 2013.

Credit: Reuters/Mark Blinch/Files

Related Topics

Stocks

   

BOSTON (Reuters) - BlackBerry Ltd (BB.TO) said it plans to release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the "Heartbleed" security threat.

Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.

Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc's (GOOG.O) Android software and Apple Inc's (AAPL.O) iOS software.

Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.

He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Still, he said, "The level of risk here is extremely small," because BlackBerry's security technology would make it difficult for a hacker to succeed in gaining data through an attack.

"It's a very complex attack that has to be timed in a very small window," he said, adding that it was safe to continue using those apps before an update is issued.

Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.

Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.

Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.

He said mobile app developers have time to figure out which products are vulnerable and fix them.

"It will take the hackers a couple of weeks or even a month to move from 'proof of concept' to being able to exploit devices," said Shaulov.

Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug. <ID:L2N0N30YO>

Companies including Cisco Systems Inc (CSCO.O), Hewlett-Packard Co (HPQ.N), International Business Machines Corp (IBM.N), Intel Corp (INTC.O), Juniper Networks Inc JNPR.O, Oracle Corp ORCL.O Red Hat Inc (RHT.N) have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.

While there have been no public reports of successful attacks involving the Heartbleed vulnerability, researchers say that it has been around for several years. That means that hackers could have successfully been using it without being caught since attacks do not leave any traces.

(Reporting by Jim Finkle; Editing by Leslie Adler)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Sino-Indian Ties

REUTERS SHOWCASE

Monetary Policy

Monetary Policy

Fed renews zero rate pledge, but hints at steeper rate hike path.  Full Article 

Eyeing Stocks

Eyeing Stocks

Interview - EPFO chief urges green light to buy stocks  Full Article 

Stimulus Reports

Stimulus Reports

China cenbank injects $81 bln into major banks to support economy - reports  Full Article 

Ranbaxy Investigation

Ranbaxy Investigation

Ranbaxy says U.S. authorities seek information on pricing data.  Full Article 

E-Commerce

E-Commerce

Tiger Global leads $60 million investment in Quikr.  Full Article 

Monsoon Update

Monsoon Update

Delayed retreat of monsoon rains to start this weekend  Full Article 

Financing Deal

Financing Deal

IndiGo agrees $2.6 billion aircraft finance deal with China's ICBC  Full Article 

Grim Outlook

Grim Outlook

Sony deepens loss estimate on struggling smartphone business  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage