BlackBerry can be bitten by DoS attacks

Long meeting requests can cause the device to reboot, but the flaw cannot be exploited to execute malicious code as had been suggested
Written by Jo Best, Contributor on

A flaw that could cause denial-of-service attacks on RIM BlackBerry handhelds has been discovered.

Security firm Secunia has posted a warning on its Web site about a vulnerability in the smart phones "which can be exploited by malicious people to cause the device to reboot".

The flaw stems from the phone's inability to cope with meeting requests with a location field over a certain length -- 128KB. Any request larger than that will cause the phone to reboot but no data will be lost.

Phones running the RIM software version 3.7 Service Pack 1, and possibly older versions, are vulnerable but RIM has fixed the flaw in later versions.

The flaw has been rated as "not critical" by Secunia, and RIM has said it has had no reports of users being affected by the flaw.

The security company that originally identified the vulnerability, HexView, claimed that the flaw could be used to execute malicious code on BlackBerry phones but according to RIM, it's not possible.

Viruses designed to infect mobiles have yet to make it big in the wild. What was initially thought to be an outbreak of the so-called Mosquito virus turned out to be a copy-protection feature that went wrong.

The first 'real' virus, Cabir, was developed as a proof-of-concept for malware on mobiles, but despite reports of the worm making it into the wild, the virus never managed large-scale infection.

Since then, some handset makers, including Nokia, have introduced new security features to their phones.
