BlackBerry issues 'critical' security warning for Z10 phones

The first flagship BlackBerry 10 phone contains a "critical" bug that could allow hackers to crack open the device and pilfer files and data.

Image: BlackBerry/RIM

BlackBerry has issued a security advisory notice to those who have bought its flagship Z10 touchscreen smartphone — the first BlackBerry 10 device to launch following the company's bid for revival, back in February.

The advisory, which was issued earlier this month, notes a bug that relates to BlackBerry Protect, its security and backup utility, rather than the phone's operating system itself. 

According to the advisory, an escalation of privilege vulnerability exists in the software of some Z10 phones that could allow a malicious app to "take advantage" of weak permissions in the in-built security software. This could allow a hacker to gain access to the device's password, and intercept and prevent the device from being wiped.

The "critical" factor is that the security flaw could dupe the device's user into installing an app which resets the device password through BlackBerry Protect. Though the device may be in the user's hands, the device's data is under the control of the hacker.

BlackBerry 10 version and earlier devices are affected by the critical bug, except version BlackBerry 7 and earlier users are not affected, and neither are those who upgraded to BlackBerry 10.1 in recent weeks .

BlackBerry said in the advisory that the bug is "not currently being actively exploited," but BlackBerry Z10 owners and IT administrators who deploy BlackBerry Z10 smartphones in an enterprise should update their devices as soon as possible.

Enterprise users can also set their BlackBerry Enterprise Server policies to mitigate any unauthorized access. 

Show Comments