If there were ever a mobile device that could not handle another blow, it would be Research In Motion’s tablet device, the PlayBook. The BlackBerry’s typical user works in the government and corporate environment, where security is essential. PlayBook users — while much smaller in number — have similar needs.
News has emerged of a vulnerability in the way the PlayBook connects to corporate email. Essentially, the flaw allows hackers to tap into the Bluetooth connection that links the PlayBook and the BlackBerry smartphone while they are in a Bridge session, which is currently the only way that a user can access his or her email.
Two researchers from the Intrepidus Group were able to hack into the Bluetooth connection linking the BlackBerry handset and the PlayBook and appropriate the authentication token, according to a report in Threatpost.
Using that token, they were able to access the user’s email and other data. The researchers, Zach Lanier and Ben Nell, discussed the findings at the Infiltrate conference held this week in Miami Beach.
RIM did not respond to our request to comment for this story.
A Growing List
Add this security flaw to the growing list of RIM’s PlayBook-related woes.
The device failed to capture buyer attention after its launch last year; indeed, RIM slashed its price in December to US$300 after it admitted it sold fewer PlayBooks than expected.
A much-needed upgrade to the OS was delayed until this week, debuting to little fanfare at the Consumer Electronics Show. These were enhancements customers were clamoring for almost from the start, such as full integration of such basic functions as messaging and a calendar — that is, without having to sync between the handheld and tablet via a wireless connection.
Then there are all the troubles besetting RIM itself. BlackBerry suffered through a high-profile three-day outage last year that infuriated customers.
This latest security flaw — there was another in December when researchers found a way to jailbreak the tablet — may well be the last straw for the PlayBook.
Besides the PR impact of news of the security vulnerability, there are some potential legal issues for RIM, Elise Dieterich, cochair of the telecommunications and privacy practice at Kutak Rock, told the E-Commerce Times.
“Vulnerabilities like these pose two sorts of risks,” she said. “One is that the maker could be held liable if a user can show that the device is, in essence, a ‘defective product,’ because the bug was so obvious that failing to correct it was negligent, and that the vulnerability caused actual, measurable harm.”
The other risk has to do with RIM’s reputation — and related advertising — of providing secure gadgets, she said. Advertising for the product could be deemed unfair or deceptive, because it promised users a level of security that’s found not to exist.
The New OS
One bright spot for RIM may be the release of PlayBook OS, version 2.0.
The upgrade is scheduled to roll out in February, Azita Arvani of the Arvani Group told the E-Commerce Times, but it could well prove to be a case of too little, too late.
RIM forced its PlayBook users to access their email, calendar and contacts through a clunky workaround that now, thanks to the Intrepidus Group researchers, has been shown to be vulnerable to attack.
Besides introducing security vulnerabilities, “it hasn’t been a friendly access option for users either,” Arvani said.
With the February release of new PlayBook software, the BlackBerry tethering vulnerabilities should go away, she noted, “but of course, there may be security flaws elsewhere. Given RIM’s branding emphasis on security and reliability, they should have taken extra measures to reduce the number of vulnerable data paths where hackers can attack.”