BlackBerry has admitted that its products are vulnerable to the Freak flaw that was uncovered earlier this month. The implications of this are potentially very serious given that BlackBerry devices are widely used by government bodies and in other areas where security is paramount.
The Freak flaw has the potential to enable hackers to force devices to accept a lower encryption standard when connecting to a server, thereby making it possible for an attacker to brute force the lower-grade encryption and render the conversation insecure.
Android and iOS were the first platforms to be found to be at risk, with Microsoft confirming soon after that the flaw also affects its systems.
BlackBerry has now confirmed in a web post that its suite of products and services can also be exploited by the attack.
“Investigations are still ongoing, but confirm that BlackBerry products are impacted by this vulnerability,” it said.
Affected products include BlackBerry 10 OS and BlackBerry 7.1 OS, BES 12, BES 10 and BBM Protected for Android, BlackBerry 10 and iOS.
Secure Work Space on Android and BlackBerry Blend on Android, iOS, Windows, Mac and BlackBerry 10 are also at risk.
The fact that almost all key tools from BlackBerry are at risk from Freak is notable, as many organisations with a security focus use BlackBerry because of its high-grade encryption.
The Canadian company said it was working to fix the issue: "For those products that are affected, we are diligently working to determine the full impact of the issue and confirm the best approach for protecting customers."
BlackBerry attempted to reassure customers by saying that the complex nature of the attack, which first requires a hacker to have successfully carried out a man-in-the-middle attack on a server, makes it unlikely anyone is at risk.
“This issue is mitigated for all customers by the prerequisite that the attacker must first complete a successful man-in-the-middle (MitM) attack in order to exploit the vulnerability,” it said.
“For BES12, BES10, Blend and Link, this would additionally require that the attacker compromise the intranet.”
However, given the high-profile nature of some of BlackBerry's customers, it is potentially more likely that hacker groups would take the time and effort to carry out such an attack.
BlackBerry did say, though, that it was unaware of any attacks targeting its customers using the Freak vulnerability.
Bharat Mistry, cyber security consultant at Trend Micro, told V3 that given BlackBerry’s user base there was a clear risk posed by the flaw.
"It is still generally recognised that BlackBerry is the platform of choice for those who want secure delivery and storage of sensitive information and privacy – the security on the BlackBerry platform is superior to that of iPhone or Android," he said.
"If you look at the BlackBerry user base (even though it's diminishing) – in most cases they are “High Net” individuals – such as President Barack Obama, UK Chancellor George Osborne.
"The difference will be that FREAK-based attacks on BlackBerry will be part of a wider “Targeted” attack rather than a mass attack on the user base."