BlackBerry to release Heartbleed fixes for BBM Messenger, Secure Work Space

Summary:The Heartbleed revelation is widely felt in the technology industry, and now BlackBerry is the latest vendor to announce security updates to patch the OpenSSL flaw.

BlackBerry plans to release a set of updates to plug the security holes left by the OpenSSL flaw Heartbleed.

heartbleed-200x242

Heartbleed is a security flaw which was discovered by researchers this month. The vulnerability is found in OpenSSL software used to keep data secure across a variety of services, including across messaging services, content sharing, online shopping and banking.

Through the flaw, hackers can theoretically communicate with a server, steal large amounts of data, and vanish without a trace.

The engineer who contributed the code to OpenSSL resulting in Heartbleed spoke out last week , stating that the problem was "accidental" and not malicious as some parties have claimed.

While there are yet to be public reports of hackers using the vulnerability to steal data, the security flaw has been present for several years.

A number of companies have issued patches to stem the problem, including Google, Facebook, YouTube, Yahoo and Pinterest. According to Reuters, BlackBerry is now next on the list, with BlackBerry senior vice president Scott Totzke said the firm will need to update two popular BlackBerry products, Secure Work Space corporate email and BBM messaging program for Android and iOS.

Read this

ZDNetGovWeek: Heartbleed worldwide roundup special issue

It's likely to be the worst vulnerability ever on the Internet. ZDNet's editors have been looking at the problem from all sides, including how to protect yourself and your users. This is our worldwide roundup special issue. Everything you need to know is in here.

Totzke says that the majority of BlackBerry services do not use OpenSSL and therefore are impervious to Heartbleed, but Secure Work Space and BBM messaging may be vulnerable if cybercriminals gain access to these apps through Wi-Fi or carrier networks. Security patches are being issued as a cautionary measure, as the risk of this happening is "extremely small," according to the BlackBerry executive.

"It's a very complex attack that has to be timed in a very small window," Totzke insists, and so believes it is safe to continue using these services until patches are released.

OpenSSL Software Foundation president Steve Marquess has requested that donations to the project be contributed by governments and businesses who use OpenSSL within their services. Marquess believes that entities which "take [OpenSSL] for granted" should be the ones who contribute funds to make the platform more secure, and the project needs at least six full-time employees rather than just one, considering the widespread use of the system.

Topics: BlackBerry, Security

About

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charli... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.