BlackBerry to release Heartbleed fixes for BBM Messenger, Secure Work Space

Summary: The Heartbleed revelation is widely felt in the technology industry, and now BlackBerry is the latest vendor to announce security updates to patch the OpenSSL flaw.

BlackBerry plans to release a set of updates to plug the security holes left by the OpenSSL flaw Heartbleed.

Heartbleed is a security flaw which was discovered by researchers this month. The vulnerability is found in OpenSSL software used to keep data secure across a variety of services, including messaging services, content sharing, online shopping and banking.

Through the flaw, hackers can theoretically communicate with a server, steal large amounts of data, and vanish without a trace.

The engineer who contributed the code to OpenSSL resulting in Heartbleed spoke out last week, stating that the problem was "accidental" and not malicious as some parties have claimed.

While there are yet to be public reports of hackers using the vulnerability to steal data, the security flaw has been present for several years.

A number of companies have issued patches to stem the problem, including Google, Facebook, YouTube, Yahoo and Pinterest. According to Reuters, BlackBerry is now next on the list, with BlackBerry senior vice president Scott Totzke saying the firm will need to update two popular BlackBerry products, Secure Work Space corporate email and the BBM messaging program for Android and iOS.

Totzke says that the majority of BlackBerry services do not use OpenSSL and therefore are impervious to Heartbleed, but Secure Work Space and BBM messaging may be vulnerable if cybercriminals gain access to these apps through Wi-Fi or carrier networks. Security patches are being issued as a cautionary measure, as the risk of this happening is "extremely small," according to the BlackBerry executive.

"It's a very complex attack that has to be timed in a very small window," Totzke insists, and so believes it is safe to continue using these services until patches are released.

OpenSSL Software Foundation president Steve Marquess has requested that donations to the project be contributed by governments and businesses who use OpenSSL within their services. Marquess believes that entities which "take [OpenSSL] for granted" should be the ones who contribute funds to make the platform more secure, and the project needs at least six full-time employees rather than just one, considering the widespread use of the system.

Talkback

1 comment
  • Open source is a fallacy

    "OpenSSL Software Foundation president Steve Marquess has requested that donations"

    Nothing like demolishing the traditional open source arguments. Here is a reality check:

    1) Nothing is free.
    2) If something is sufficiently complicated, peer review is useless because virtually no one will be able to understand it.

    I guess that leaves "Open". Well, a lot of good that did for all the companies that simply utilized the OpenSSL library in their product without making any changes. Maybe next time Sally Secretary can skim the code between phone calls and suggest some improvements. Absurd? Absolutely. All those companies and not one of them bothered to modify the library to either delete the feature or make their own enhancements. What does that say about the value of openness?
    croberts