RIM's Attempt to Block Dingleberry Jailbreak on PlayBook Fails

From DailyTech:
When an Apple, Inc. (AAPL) iPhone gets hacked, it's no big surprise. When a Google Inc. (GOOG) Android smartphone gets turned into a slave in a massive botnet, it's an average day on the market. But when Canadian smartphone maker Research In Motion, Ltd. (TSE:RIM) gets hacked, it's major news, as the devicemaker has built a reputation on underlying rock-solid security.

Questions about the security of the company's recent acquired QNX operating system were raised when a trio of hackers released a tool called Dingleberry, which gave root access to RIM's first QNX tablet, the PlayBook. The tool allowed users to jailbreak their device -- a process of granting yourself administrative rights on legally purchased devices through atraditional means, as authorized by the Library of Congress's Summer 2010 amendments to the Digital Millennium Copyright Act [PDF] (DMCA).

RIM yesterday confirmed the vulnerability in a Knowledge Base (KB) post, which revealed its origin to be a weakness in QNX's file sharing system. When the OS interacts with the company's BlackBerry Desktop Software users can manipulate it to achieve an escalation of privileges.

The company quickly pushed a fix down the pipe to users.

But as Apple has unpleasantly experienced in the past, the hackers were one step ahead. They had already updated the jailbreak tool to still work post-patch. Hacker "Chris Wade" writes on Twitter:

all firmware are currently jailbreakable

While that claim has not been confirmed definitively, if it's true it looks like it's back to the drawing board for RIM, and more embarrassment from the company who was traditionally a leader in security.

View: Article @ Source Site