BlackBerry To Release Heartbleed Patches As Mobile Threat Is Scrutinized
To address vulnerabilities in programs related to the "Heartbleed" security threat, BlackBerry Ltd. intends to release security updates for messaging software for Android and iOS devices by Friday, Reuters reported Sunday.
Security experts first told companies to focus on securing vulnerable websites, but since then, they've warned about threats to technology used in data centers and on mobile devices running Google's Android software and Apple Inc's iOS software.
Last week, researchers cautioned that they found Heartbleed, a bug that goes after the OpenSSL software often used to keep informatio secure, potentially enabling hackers to rob enormous troves of data without leaving any traces, according to Reuters.
On Friday, the White House and U.S. intelligence agencies said neither the National Security Agency nor any other part of the government were aware of the bug before April, denying a Bloomberg report that the spy agency exploited it to gather intelligence, the Guardian reported.
Scott Totzke, BlackBerry senior vice president, told Reuters that while most BlackBerry items do not use the vulnerable software, BlackBerry does have to update two products that are often used: BBM messaging program for Android and iOS and Secure Work Space corporate email.
Those are vulnerable to hackers if they gain access to the apps via either WiFi connections or carrier networks, Totzke said.
Even so, he said, "The level of risk here is extremely small," because BlackBerry's security technology would make it difficult for a hacker to succeed in gaining data through an attack.
Tozke said, "It's a very complex attack that has to be timed in a very small window," and adding that it was safe to still use those apps before an update arrives.
Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.
Other mobile apps are also likely vulnerable because they use OpenSSL code, security experts say.
The way Michael Shaulov, chief executive of Lacoon Mobile Security, sees it, apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.
Mobile app developers have the time to determine which products are vulnerable and subsequently fix them, Shaulov said.
"It will take the hackers a couple of weeks or even a month to move from 'proof of concept' to being able to exploit devices," he added.
Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.
Companies such as Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc. have warned customers that they could be at risk. Some updates are out, while others, like BlackBerry, are rushing to roll them out, Reuters reported.
© Copyright IBTimes 2024. All rights reserved.