Blackberry’s flagship mobile device, the Blackberry Z10, has a remotely exploitable authentication bypass vulnerability that could allow an attacker to access confidential and personal data, or feed the device targeted malware from afar.
According to ModZero, which uncovered the flaw, the problem lies in a network service that allows file sharing and storage communications between the phone and a network client. If a user enables the cloud file access function via Wi-Fi (which must be done explicitly by clicking "access using Wi-Fi" on the phone), a password oversight opens the door to malicious actors.
Specifically, the Z10 asks the user to enter a password that is required to get access to the file server. However, the file server itself fails to ask for a password, thus allowing unauthenticated users to obtain read and write access to the shared documents.
Whether the issue crops up is hit or miss. “This behavior does not always occur but is reproducible within at most one of 10 different tries via Wi-Fi,” the firm said in its advisory.
As for exploitation, there are two ways to do it: “The first approach let users access the fileserver via the wireless LAN interface without using the developer mode, which is the most common scenario. The second approach gives access via USB cable. In this second approach, the developer mode is activated to enable TCP/IP communication via USB.”
The root cause of the vulnerability is not known, but ModZero shared its findings with Blackberry, which has developed a patch for the problem. Because the issue lies in the network service API, the patch has been pushed out to carriers rather than to end users.