It is no longer news that BlackBerry smartphones may be on their way to extinction. BlackBerry has been unable to fight off the dominance of Google’s operating system Android and has settled for the infamous saying “if you don’t beat them, you join them”. The Canadian smartphone maker has now favoured Android over its cherished BlackBerry 10 OS, with the most recent of its offerings running on the open source platform. To stay in business, BlackBerry has often bragged about its security offerings, with the company labeling its DTEK50 which runs on Android as the world’s most secure phone. However, recent cyber attacks raise questions about BlackBerry’s supposed strong point — security, as the PRIV, its first smartphone to run on Android was named as one of the vulnerable smartphones.
According to security researchers, around 900 million Android devices are said to be vulnerable to cyber attacks that exploit four vulnerabilities in software drivers for Qualcomm chips. Any of the four vulnerabilities, collectively dubbed QuadRooter by researchers at security firm Check Point, can be exploited by attackers using a malicious app to trigger privilege escalations and gain root access to the device. The app would require no special permissions to take advantage of the vulnerabilities, so users would not have any suspicions aroused.
When The Nerve Africa contacted BlackBerry, the smartphone maker said it was aware of the cyber threats.
BlackBerry is aware of the Quadrooter flaws and the vulnerabilities that affects the majority of Android devices. A fix for BlackBerry’s Android devices was integrated and tested in our labs immediately after the report was received and we will expedite it to customers as soon as possible.
We believe that BlackBerry’s secure boot chain design mitigates the issue since any elevation of privilege to root level will be temporary and any exploit for this issue would be unable to gain a persistent root. BlackBerry is not aware of any exploits for this vulnerability in the wild and does not believe that any customers are currently at risk from this issue.
More importantly, this issue shows how ‘secure’ is not a target, it is a continuum. The complex nature of software makes it prone to exposures and vulnerabilities. That means to achieve BlackBerry’s standard of being the most secure, we must practice and enable these tenets:
1) Security by design
2) Continual and fast security updates
3) Total control and visibility of your privacy and security
Smartphone users still hanging to BlackBerry’s promise of security will be hoping the Canadian company keeps it promise. For others who have moved on to the Android and Apple side of life, they couldn’t care less. To them, BlackBerry is dead! But the smartphone maker keeps shouting in reassurance, I’m alive!