Beware BlackBerry Browser Bug Until Carriers Offer Updates

A recently identified BlackBerry Browser bug that affects the vast majority of RIM smartphones makes BlackBerry owners more vulnerable to phishing attacks. BlackBerry maker RIM claims to have released new software to carriers that addresses the issue, yet most of those updated builds are not yet publicly available via U.S. carrier sites. Here’s how to stay safe, now and later.

BlackBerry smartphone users who frequently surf the Web on their handhelds will want to keep checking with their wireless carriers for BlackBerry Handheld Software updates in the coming weeks. That’s because a new bug has been found in most current versions of Research In Motion’s (RIM) device software, one that makes it easier for malicious parties to execute "phishing" attacks on unsuspecting smartphone users, and RIM has addressed it via handheld software updates.

From RIM’s online security advisory:

"This advisory relates to a BlackBerry Browser dialog box that provides information about web site domain names and their associated certificates. The BlackBerry Browser dialog box informs the BlackBerry device user when there is a mismatch between the site domain name and the domain name indicated in the associated certificate, but does not properly illustrate that the mismatch is due to the presence of some hidden characters (for example, null characters) in the site domain name."
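
As an added illustration of the dialog behaviour the advisory describes (not code from RIM or from the original article), here is a Python sketch of a name-mismatch check that makes hidden characters visible. The function names and sample host names are constructed for the example, and the comparison is a simplified exact match with no wildcard handling.

```python
import unicodedata

def hidden_characters(name):
    """Return (index, char) for every control, format or separator character."""
    # Unicode major classes: C* = control/format/unassigned (NUL is Cc),
    # Z* = space and line separators. None of them belong in a host name.
    return [(i, ch) for i, ch in enumerate(name)
            if unicodedata.category(ch)[0] in "CZ"]

def visible(name):
    """Escape hidden characters so a dialog cannot silently drop them."""
    hidden = {i for i, _ in hidden_characters(name)}
    return "".join("\\x%02x" % ord(ch) if i in hidden and ord(ch) < 0x100
                   else "\\u%04x" % ord(ch) if i in hidden
                   else ch
                   for i, ch in enumerate(name))

def check_names(site_name, cert_name):
    """Return (names_match, dialog_text) for a certificate-name check."""
    site_hidden = hidden_characters(site_name)
    cert_hidden = hidden_characters(cert_name)
    if site_hidden or cert_hidden:
        # A name with hidden characters is never accepted as a match, and the
        # text states the reason: the detail the advisory says was not shown.
        text = ("Name mismatch: site '%s' vs certificate '%s' "
                "(%d hidden character(s) in site name, %d in certificate name)"
                % (visible(site_name), visible(cert_name),
                   len(site_hidden), len(cert_hidden)))
        return False, text
    # Assumption: exact, case-insensitive comparison (no wildcard support).
    if site_name.lower() == cert_name.lower():
        return True, "Names match: '%s'" % site_name
    return False, ("Name mismatch: site '%s' vs certificate '%s'"
                   % (site_name, cert_name))

if __name__ == "__main__":
    # Constructed sample: a null character embedded in the site name.
    site, cert = "www.example\x00.com", "www.example.com"
    # A renderer that drops NUL would show two identical-looking names.
    print("naive :", site.replace("\x00", ""), "vs", cert)
    print("fixed :", check_names(site, cert)[1])
```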

Here’s a list that specifies which software should be updated and to which new versions.

Current Software Version to Updated Version
BlackBerry Device Software v4.5.0.x to v4.5.0.173 or later
BlackBerry Device Software v4.6.0.x to v4.6.0.303 or later
BlackBerry Device Software v4.6.1.x to v4.6.1.309 or later
BlackBerry Device Software v4.7.0.x to v4.7.0.179 or later
BlackBerry Device Software v4.7.1.x to v4.7.1.57 or later

http://www.cio.com/article/503562/Beware_BlackBerry_Browser_Bug_Until_Carriers_Offer_Updates
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19552
