11 Aug 2011

Security researchers are urging organisations wanting to implement the BlackBerry PlayBook tablet to hold off until the operating system and some of its key technologies have stabilised, and more is known about potential security holes.
A new paper by information assurance and penetration testing firm NGS Secure revealed several minor flaws about which RIM has already been notified, as well as potential areas where more may exist in the future.
NGS research director Andy Davis told V3 that the PlayBook was rushed out owing to commercial pressures, meaning that some functionality, such as the ability to communicate natively with the BlackBerry Enterprise Server, was left out.
"We're saying to businesses looking to adopt the PlayBook that they should be a bit cautious because it's an unknown quantity as key functionality has not yet been released," he said. "Commercial pressures to get this functionality out may have a negative effect on security."
Among the minor vulnerabilities discovered by NGS is a flaw in the PlayBook's built-in web browser which could enable "a more detailed view of the file system than was intended by RIM".
The research paper also discovered that the HDMI video port could trigger a software vulnerability in the device, although Davis admitted that RIM is still trying to determine the seriousness of this flaw.
"Our main focus in the research was identifying the attack surface, finding where the vulnerabilities might be and where to focus future research," he said.
"Yes, there are vulnerabilities, although nothing massively critical, but there is an indication that there may be more."
RIM had not responded to a request for comment at the time of writing.
NGS' warning comes just weeks after the PlayBook became the only tablet to be approved for use by the US federal government, having gained the FIPS 140-2 accreditation.
It's been a tough day for RIM, which was leapfrogged by ZTE in Gartner's latest global smartphone rankings and now sits in sixth place.
Too much hyperbole
When the iPhone came out you could send an sms to the phone with a .exe attached and the phone would automatically run the file with full admin permissions. Being able to get a marginally better view of the internal file system is what we expect from RIM. Security even when rushed. Your title was more hype and the article was less informative than I had hoped for. The HDMI port could be more interesting though, and that got one sentence in your whole article. Less hype, more meat, get the article checked by a security person.
Posted by: CJ 25 Nov 2011