During the Pwn2Own hacker challenge at the CanSecWest conference last week, the security vulnerability was exploited to hack into a BlackBerry Torch 9800 smartphone to steal the contact list and image database. The security soft spot exists in the WebKit browser engine included in the BlackBerry 6 mobile operating system.
"Successful exploitation of the vulnerability requires the user to browse to a website that the attacker has maliciously designed. A successful exploit could allow the attacker to use the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not to access user data that the email, calendar and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone," according to a RIM security advisory issued in response to the hack demo.
Additionally, BlackBerry Enterprise Server administrators can disable the BlackBerry Browser on BlackBerry smartphones in their organizations using the Allow Browser IT policy rule and the Allow Other Browser Services IT policy rule.
Another strategy: Google has already addressed the BlackBerry Pwn2Own hack in Chrome.