Share

BlackBerry moves to soothe Heartbleed fears

Boston - BlackBerry said it plans to release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the "Heartbleed" security threat.

Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.

Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centres and on mobile devices running Google's Android software and Apple's iOS software.

BlackBerry senior vice-president Scott Totzke told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.

He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Still, he said, "The level of risk here is extremely small," because BlackBerry's security technology would make it difficult for a hacker to succeed in gaining data through an attack.

"It's a very complex attack that has to be timed in a very small window," he said, adding that it was safe to continue using those apps before an update is issued.

Google spokesperson Christopher Katsaros declined comment. Officials with Apple could not be reached.

Mobile apps

Security experts say that other mobile apps are also likely vulnerable, because they use OpenSSL code.

Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.

He said mobile app developers have time to figure out which products are vulnerable and fix them.

"It will take the hackers a couple of weeks or even a month to move from 'proof of concept' to being able to exploit devices," said Shaulov.

Technology firms and the US government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.

Companies including Cisco Systems, Hewlett-Packard, International Business Machines, Intel, Juniper Networks and Oracle Corp Red Hat have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.

While there have been no public reports of successful attacks involving the Heartbleed vulnerability, researchers say that it has been around for several years. That means that hackers could have successfully been using it without being caught since attacks do not leave any traces.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.89
+0.2%
Rand - Pound
23.83
+0.3%
Rand - Euro
20.36
+0.3%
Rand - Aus dollar
12.31
+0.3%
Rand - Yen
0.12
+0.2%
Platinum
908.05
0.0%
Palladium
1,014.94
0.0%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders