Inside the Security Model of BlackBerry 10

The new BlackBerry 10 operating system contains a number of security improvements and upgrades over earlier versions, but there are still some features and functions that an attacker may be able to exploit.

LAS VEGAS–The new BlackBerry 10 operating system contains a number of security improvements and upgrades over earlier versions, but there are still some features and functions that an attacker may be able to exploit. The OS also contains a diagnostic tool called QUIP that has the ability to collect various kinds of user data, including voice and audio communications, screen captures and raw memory dumps, and send it to BlackBerry.

The QUIP functionality is designed specifically to gather a variety of data and ship it off to BlackBerry. Ralf-Phillip Weinmann of the University of Luxenbourg said he was surprised to find the functionality in the software during a review of its security capabilities.

“I was not amused,” he said.

However, BlackBerry officials said that the feature is turned off by default on all BlackBerry 10 devices and the user has to go in and opt to turn on each specific logging function.

“All of it is clearly enumerated to the user. QUIP is off by default,” said Adrian Stone, head of security response at BlackBerry. “It’s a diagnostic tool. Users can turn it on if they want to. I wouldn’t expect that to be a large number. For us it was a clear choice. We wanted to have that diagnostic capability but we also wanted to respect users’ privacy.”

The logging functionality is in the security and privacy menu on BlackBerry 10 devices.

Weinmann, known for his mobile security and baseband research, took a detailed look at the security model of BBOS 10, and what he found was that the software has some new features that made it harder to attack in some cases. However, he said there are some concerning weak points that could give an attacker the opening he needs to compromise a device. The operating system runs on the new BlackBerry 10 handsets, and unlike previous versions, it’s built on the QNX platform. Weinemann said that the change has made some significant differences in the new OS.

“You have a very weird mix of things running on there now,” Weinmann said.

The security change most noticeable for users is the new partition between personal and business data, known as BlackBerry Balance. The feature enables users to split their sensitive work data from their everyday personal apps, email and other data. Both partitions are encrypted and data doesn’t flow from one to the other. But, Weinmann said that Balance doesn’t make much of a difference in terms of security for most users.

“As a real security mechanism, I don’t have that much faith in it at the moment, to be honest,” Weinmann said in a talk at the Black Hat 2013 conference here Wednesday.

BlackBerry OS 10 also includes some less-obvious security functions, namely exploit mitigations such as ASLR, DEP and stack cookies. Weinmann said that despite these improvements, it’s likely to be easier for attackers to maintain persistence on a compromised BlackBerry device than on an iOS device, for example.

“If you’re any user you can copy binaries to the device and execute them,” he said. “You can totally binaries on the system that remain there. Persistence on the BlackBerry at the moment is significantly easier than on last-generation iOS device. Although, it’s somewhat, if not significantly, better than on most Android phones.”

Weinmann said that because of the way the security is set up on the new BlackBerry 10 devices, the revelation of one privilege-escalation exploit could be a major hit for the OS.

“The security model fundamentally hinges on privilege-escalation exploits not to be available,” he said. “I don’t find that very comforting.”

Suggested articles