PDAStreet: News: RIM Fills BlackBerry Phishing Hole

Internet.com's premiere site for mobile managers and IT professionals is where wireless meets business. Our expert analysis and tips will guide you in buying, deploying, securing and managing mobile technology in the enterprise. You'll find strategic analysis, best practices, news, buyer.s guides and practical advice on how to evaluate and support a wide range of devices in the workforce.

PDAStreet.com > News > RIM Fills BlackBerry Phishing Hole

RIM Fills BlackBerry Phishing Hole

By James Alan Miller
October 5, 2009

RIM's released an software update to counter a security hole that could lead BlackBerry users to visit malicious Web sites because they think a link in an SMS message or e-mail message is coming from someone they trust.

The problem is the BlackBerry browser dialog box does not clearly indicate mismatches between web site domain names and associated certificates. This issue affects all built-in browsers on affected BlackBerry devices (BlackBerry Browser, Internet Browser, WAP Browser, and Wi-Fi (Hotspot) Browser).

RIM's update is for BlackBerry OS 4.5 and higher.

For those who have not updated their BlackBerry yet, RIM recommends they exercise caution when clicking on links that they receive in e-mail or SMS messages. If a user visits a site that causes a BlackBerry browser dialog box to warn the user about continuing the connection, the user should select Close connection.

Mobile Security Lab and CESG separately reported this issue to RIM.


Printable Version
Email this Story to a Friend