BlackBerry handset
The BlackBerry update fixes a flaw in the handling of security certificates

RIM posts new BlackBerry security patch

Update fixes phishing flaw in smartphones

Shaun Nichols in San Francisco

V3.co.uk, 03 Oct 2009

Research In Motion has issued a security update to address a flaw in its BlackBerry handsets.

The update fixes a flaw in the handling of security certificate issues in the BlackBerry browser application, which could be exploited by an attacker to perform a phishing attack.

Advertisement

The vulnerability affects BlackBerry software versions 4.5 to 4.7, and all users with supported BlackBerry software versions are advised to update their software. The flaw does not affect the BlackBerry Server or Desktop software packages.

The flaw lies in the way the browser reports security certificate mismatches. When a mismatch between the certificate issuer and domain is detected, the browser presents a dialogue box warning the user.

Researchers have found, however, that the dialogue boxes do not display null characters on addresses. This could allow an attacker to craft a false certificate with null characters at the end of an otherwise legitimate site, and use it to present the certificate as authentic.

RIM recommends that users install the security fix immediately. Users who do not have the update are being advised to use caution when accepting web certificates, and avoid clicking on any suspicious or unsolicited links.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Do you agree?

Have your say on this article

Further reading

VeriSign

VeriSign pushes forward with mobile security

VIP programme extended to over 200 mobile devices

Mobile phone

TeleWare touts mobile office solution

Firm promises mobile access to PBX-style functions

iPhone overtakes Aston Martin as coolest brand

Apple picks up three places in the top 10

Verizon could be dropping the Palm Pre

Palm may get snubbed on star smartphone

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

V3.co.uk weekly debrief, 5 Feb 2010

This week we cover the continuing controversy surrounding the Orange T-Mobile deal

More video

Analysis and Reports

Using managed services to protect mobile data users from the latest security threats

Counting the cost of data security: the benefits of secured mobile services

Shifting Disaster Recovery targets with SharePoint and SQL server configurations

Using a hostbased recovery system for mission-critical systems

Poll

Adobe Flash poll

Adobe Flash poll

Do you agree with Steve Jobs about Flash being buggy?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Neil Sanderson

Interview: Microsoft UK virtualisation chief Neil Sanderson

Sanderson outlines Microsoft's plans for Hyper-V, cloud computing and virtual...

Google

Google moves into social networking with Buzz

Facebook gets opposition in consumer and enterprise spheres

Nvidia

Nvidia pitches Optimus as prime notebook platform

New system pairs onboard and discrete chips

OpenDNSSEC

OpenDNSSEC service goes live

New security project encrypts Domain Name System traffic

Primary Navigation