BlackBerry to release Heartbleed fixes for BBM Messenger, Secure Work Space

The Heartbleed revelation is widely felt in the technology industry, and now BlackBerry is the latest vendor to announce security updates to patch the OpenSSL flaw.
Written by Charlie Osborne, Contributing Writer

BlackBerry plans to release a set of updates to plug the security holes left by the OpenSSL flaw Heartbleed.


Heartbleed is a security flaw which was discovered by researchers this month. The vulnerability is found in OpenSSL software used to keep data secure across a variety of services, including across messaging services, content sharing, online shopping and banking.

Through the flaw, hackers can theoretically communicate with a server, steal large amounts of data, and vanish without a trace.

The engineer who contributed the code to OpenSSL resulting in Heartbleed spoke out last week, stating that the problem was "accidental" and not malicious as some parties have claimed.

While there are yet to be public reports of hackers using the vulnerability to steal data, the security flaw has been present for several years.

A number of companies have issued patches to stem the problem, including Google, Facebook, YouTube, Yahoo and Pinterest. According to Reuters, BlackBerry is now next on the list, with BlackBerry senior vice president Scott Totzke said the firm will need to update two popular BlackBerry products, Secure Work Space corporate email and BBM messaging program for Android and iOS.

Totzke says that the majority of BlackBerry services do not use OpenSSL and therefore are impervious to Heartbleed, but Secure Work Space and BBM messaging may be vulnerable if cybercriminals gain access to these apps through Wi-Fi or carrier networks. Security patches are being issued as a cautionary measure, as the risk of this happening is "extremely small," according to the BlackBerry executive.

"It's a very complex attack that has to be timed in a very small window," Totzke insists, and so believes it is safe to continue using these services until patches are released.

OpenSSL Software Foundation president Steve Marquess has requested that donations to the project be contributed by governments and businesses who use OpenSSL within their services. Marquess believes that entities which "take [OpenSSL] for granted" should be the ones who contribute funds to make the platform more secure, and the project needs at least six full-time employees rather than just one, considering the widespread use of the system.

Editorial standards