Researchers Find Security Flaw In BlackBerry Playbook

Researchers have found a security flaw in the BlackBerry Playbook that would enable an attacker to steal personal data from the tablet.

The vulnerability was found in the Bridge application used for communications via Bluetooth between the PlayBook and the BlackBerry handset, both made by Canada-based Research in Motion, Kaspersky Lab reported in its ThreatPost blog. Handset customers use the Bridge application to access corporate e-mail, calendar and other personal data on the tablet.

Zach Lanier and Ben Nell, researchers for New York-based mobile security vendor Intrepidus Group, reported the flaw Thursday at the Infiltrate conference in Miami, Kaspersky said. The researchers were able to snatch the authentication token sent between the devices and use it to connect to a Playbook and access e-mail and other data.

The security hole is a result of the PlayBook's operating system placing the token where it is easily accessible by a malicious app installed on the device.

For the attack to work, the hacker would first have to get the app in the tablet. This could be done by tricking the user into opening an e-mail attachment or downloading a file from a Web site, Kaspersky said.

RIM told ThreatPost that the Bridge flaw would be corrected in version 2.0 of the PlayBook's OS, which is expected in February.

RIM has touted security as a standout feature in its tablet and smartphone. Nevertheless, the company has struggled in the tablet market. RIM took a charge of $485 million in the third quarter of last year due to weak PlayBook sales.