How we manage BlackBerry jailbreak issues

Security

blackberry-security

I’m Adrian Stone, and I am the Director of the BlackBerry Security Incident Response Team (BBSIRT) here at Research In Motion. The BBSIRT is responsible for responding to potential security issues and investigating vulnerability claims that may impact RIM’s products. Security is a priority for our customers, and that’s why I’ll be contributing regularly to this blog. For my first post, I want to provide some insight into how we investigate and respond to jailbreak-related reports.

“Jailbreaking”, or gaining root access to a device, has become common place in both the mobile and gaming industries. Essentially, gaining this deeper level of access to the core functions of the device allows the user to do things not originally intended by a manufacturer, such as install software outside of “official” channels. Unfortunately, gaining this level of root access may increase the security risk. For this reason, most device manufacturers, including RIM, strongly discourage jailbreaking while understanding that whole communities exist for just that purpose. At RIM, we take these issues very seriously. Let’s walk through how we assess and respond to jailbreaking reports.

From a user perspective, there are two primary ways to jailbreak a device. First, there is the method where the user voluntarily makes changes that require: a) the device to be tethered to a computer; b) access to an authorized user account on the device; and c) may even require the user to make changes to the device’s default settings by putting it into developer mode (which can also compromise security). This method cannot be used by remote attackers to compromise user data or the integrity of the device as it requires both possession of the device and valid user credentials for the device. The second method involves less interaction on the user’s part. For example, a software bug may be exploited from a web page to gain root access to any mobile device and not require any interaction from the user except visiting the page.

On hearing reports of a jailbreak for a BlackBerry® product, the BBSIRT will quickly triage the underlying issue and method used to perform the jailbreak. If it falls into the first category, where extensive user interaction is required, we will seek to address it in a future software update. If it falls into the second category (where a vulnerability is exposed with little to no user interaction), that is an indication of a more serious underlying issue and will most likely result in the release of a security update to address it as soon as possible. When this happens, my team publishes a security advisory or notice. These notifications typically offer an assessment of the issue and the required steps customers should take to resolve the vulnerability.

To be clear, RIM recommends against installing any jailbreaking tool. Customers who use a jailbreaking tool on BlackBerry products void the manufacturer warranty and also increase the long-term risk of negatively impacting the stability and user experience of their BlackBerry products. Use of a jailbreaking tool could also amplify the impact and severity of a future security issue, making your personal data more vulnerable to theft and more difficult to protect. If new jailbreaks for BlackBerry products are reported, rest assured that we will evaluate them and take appropriate action to help protect customers.

But the best actions you can take to protect your BlackBerry products are also pretty simple to follow: 1) keep your BlackBerry software up to date; 2) don’t install jailbreaking tools; and 3) don’t install software from unauthorized or unverified sources.

I look forward to your questions and feedback, so please submit a comment below. The BBSIRT and I promise to read each one and comment back where possible.

Join the conversation

Show comments Hide comments
+ -
  • http://liliputing.com/2012/03/rim-lays-out-policy-on-jailbreaking-hint-dont-do-it.html RIM lays out policy on jailbreaking (hint: don’t do it) - Liliputing

    […] BlackBerry Security Incident Response Team director Adrian Stone provided some details about how the company prioritizes those security fixes […]

  • http://www.geeky-gadgets.com/rim-says-jailbreaking-your-playbook-will-void-your-warranty-21-03-2012/ RIM Says Jailbreaking Your PlayBook Will Void Your Warranty » Geeky Gadgets

    […] You can find out more details over at the BlackBerry for Business Blog. […]

  • http://iphoneappsconsulting.com/research-in-motion-sounds-off-on-managing-jailbreak-issues-says-jailbreaking-rooting-voids-warranty/ Research In Motion sounds off on managing jailbreak issues; says jailbreaking (rooting) voids warranty | iphone Apps Consulting

    […] published a post on their Inside BlackBerry for Business Blog this morning, regarding jailbreaking (aka […]

  • http://mobilesyrup.com/2012/03/21/rim-says-that-playbook-jailbreak-voids-warranty-lowers-stability-and-user-experience-of-blackberry-products/ RIM says that Playbook jailbreak voids warranty, "lowers stability and user experience" of BlackBerry products | MobileSyrup.com

    […] Inside BlackBerry for Business Blog Via: The Verge […]

  • http://rakan.me/2012/03/21/rim-officializes-stance-against-jailbreaking/ RIM Officializes Stance Against Jailbreaking : Rakan Alhneiti

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

  • http://www.technologytell.com/gadgets/92983/rim-reveals-its-steps-to-prevent-jailbreaking/ RIM reveals its steps to prevent jailbreaking | | GadgeTellGadgeTell

    […] issue, making your personal data more vulnerable to theft and more difficult to protect.”Via [Inside BlackBerry]SECTIONS Business News, SmartphonesTAGS blackberry, hack, jailbreak, rim, root Popular […]

  • http://www.yahoocrunch.com/rim-officializes-stance-against-jailbreaking/ RIM Officializes Stance Against Jailbreaking | Yahoo Crunch

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

  • http://www.giastar.it/?p=3958 GIASTAR – Storie di ordinaria tecnologia » Blog Archive » RIM Officializes Stance Against Jailbreaking

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

  • http://komphonetech.com/rim-says-no-to-blackberry-playbook-jailbreaking.html RIM says no to BlackBerry PlayBook jailbreaking | All in One Phone and Tech

    […] jailbreakingRIM addressed its stance and future policy on BlackBerry PlayBook jailbreaking in a post to the company’s blog today, officially confirming that jailbreaking the PlayBook would void its […]

  • http://www.gizmoscoop.com/2538/rim-officializes-stance-against-jailbreaking/ RIM Officializes Stance Against Jailbreaking | GizmoScoop

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

  • http://tech.krantenkoppen.org/2012/03/rim-officializes-stance-against-jailbreaking/ RIM Officializes Stance Against Jailbreaking | Krantenkoppen Tech

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

  • http://blog.agsx.net/?p=75 RIM Says Jailbreaking Your PlayBook Will Void Your Warranty - AGS Tech

    […] can find out more details over at the BlackBerry for Business Blog. About […]

  • http://www.gaster.co/2012/03/rim-officializes-stance-against-jailbreaking/ RIM Officializes Stance Against Jailbreaking | Gaster Tech Blog

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

  • http://www.gottabemobile.com/2012/03/21/rim-doesnt-want-you-to-jailbreak-the-blackberry-playbook/ RIM Doesn't Want You to Jailbreak the BlackBerry PlayBook

    […] a post on its business blog, RIM has revealed, in detail, its stance on jailbreaking BlackBerry devices. Adrian Stone, who is the company’s Director […]

  • http://101bestblackberryapps.com/blog/blackberry/research-in-motion-sounds-off-on-managing-jailbreak-issues-says-jailbreaking-rooting-voids-warranty/ Research In Motion sounds off on managing jailbreak issues; says jailbreaking (rooting) voids warranty | 101 Best BlackBerry Apps

    […] published a post on their Inside BlackBerry for Business Blog this morning, regarding jailbreaking (aka […]

  • http://mma-fighters-world.tk/rim-officializes-stance-against-jailbreaking/ RIM Officializes Stance Against Jailbreaking - MMA And Fighters News

    […] about it. Yet it’s constantly in the news because it is, in fact, a philosophical conflict. RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post […]

  • http://media-artists-world.tk/?p=4252 Media And Artists News » Blog Archive » RIM Officializes Stance Against Jailbreaking

    […] about it. Yet it’s constantly in the news because it is, in fact, a philosophical conflict. RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post […]

  • http://startuphelp.us/?p=416787 RIM Officializes Stance Against Jailbreaking | Startup Help

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

  • http://www.butingtech.com/rim-clarifies-its-stance-on-playbook-jailbreaking/ RIM clarifies its stance on Playbook jailbreaking | Butingtech Technology Buzz

    […] a post on RIM’s Inside BlackBerry for Business Blog, Adrian Stone, the Director of the BlackBerry Security Incident Response Team (BBSIRT), explained […]

  • http://betterthaniphone.com/samsung/rim-clarifies-its-stance-on-playbook-jailbreaking/ RIM clarifies its stance on Playbook jailbreaking | Better Than Iphone - Samsung, HTC is Better Than Iphone

    […] a post on RIM’s Inside BlackBerry for Business Blog, Adrian Stone, the Director of the BlackBerry Security Incident Response Team (BBSIRT), explained […]

  • http://www.itleader.info/2012/03/21/rim-officializes-stance-against-jailbreaking/ RIM Officializes Stance Against Jailbreaking : Information Technology Leader

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

  • http://tablet123.com/post-1747_rim-says-no-to-blackberry-playbook-jailbreaking RIM says no to BlackBerry PlayBook jailbreaking | tablet123.com

    […] addressed a position and destiny process on BlackBerry PlayBook jailbreaking in a post to a company’s blog today, strictly confirming that jailbreaking a PlayBook would blank a […]

  • http://freshinfos.com/2012/03/22/no-jailbreaking-allowed-on-blackberry-products-says-rim/ No Jailbreaking Allowed On BlackBerry Products, Says RIM | Fresh Infos

    […] geeky-gadgets / Blackberry Business blog] (All The Images, Trademarks, Logo’s Shown on this Post are the property of their respective […]

  • http://ebuyfacebookfans.org/2012/03/22/rim-officializes-stance-against-jailbreaking/ Quality Facebook Fans To Your Fan-page. Start Your Campaign! » Blog Archive » RIM Officializes Stance Against Jailbreaking

    […] about it. Yet it’s constantly in the news because it is, in fact, a philosophical conflict. RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post […]

  • http://www.intomobile.com/2012/03/21/rim-clarifies-its-stance-jailbreaking/ RIM clarifies its stance on Playbook jailbreaking

    […] a post on RIM’s Inside BlackBerry for Business Blog, Adrian Stone, the Director of the BlackBerry Security Incident Response Team (BBSIRT), explained […]

blog comments powered by Disqus