RIM Issues Patch for BlackBerry Security Flaw

BlackBerry maker Research in Motion has issued a security patch for the popular device, whose users include U.S. President Barack Obama, warning that it is vulnerable to attacks by hackers.

Research in Motion issued the security warning last week in a bulletin on its Web site, but officials could not be reached to comment on details of the patch.

If the patch is not applied, security experts said, there is a risk that hackers could exploit the vulnerability, though they have not done so yet.

Such problems are not unique to Research in Motion. Technology companies constantly battle to stay ahead of increasingly sophisticated hackers. Every time a vulnerability is identified, there is potential for hackers to exploit it.

“It is a serious problem. You need to read the advisory and implement a fix before the hackers try to take control,” said Graham Cluley, a senior researcher with anti-virus software marker Sophos.

When companies publicize security flaws, criminals rush to exploit them because it can take weeks or months for users learn of such problems and protect against them.

Businesses often hold off on installing patches so they can test them to make sure that the new software is compatible with other programs in their network. Sometimes a patch can cause other types of software to malfunction.

Taking control of servers

The newly disclosed vulnerability could allow hackers to take control of servers running BlackBerry systems by sending emails with tainted attachments in Adobe Systems’ PDF format, according to computer security researchers.

If the device’s user opens one of those attachments, it would seek to install malicious software on the server at the data center that runs a company’s BlackBerry network. Hackers could then covertly use that server to send spam or steal corporate data.

“All kinds of nastiness could occur,” Cluley said.

A spokesman for Symantec, the world’s biggest maker of security software, said the cost of such an attack would be greater than the value of the BlackBerry since it would hit the far bigger corporate network itself.

Research in Motion issued patches to resolve similar problems in January.

The Canadian company pays close attention to such issues because it prides itself in security, counting intelligence agencies and top executives at the world’s largest corporations among its customers.

Research in Motion suggests that businesses block their users from opening attachments until they install the patch. The advisory can be viewed here.