Mobile Pwn2Own: A Safe Environment for Security Researchers and Companies to Improve Mobile Security

Event

This year on the BlackBerry® Security Incident Response Team (BBSIRT), we increased our efforts to collaborate with the security research community. In June, we held the BlackBerry Security Summit featuring some of the industry’s elite researchers including Robert Seacord, Michael Eddington, Andy Davis, Josh Lackey, Zach Lanier, Vincenzo Iozzo, Willem Pinckaers, and Dino Dai Zovi. During the event, there was a full day of talks followed by deep technical discussions with our product and security teams. These exchanges were great and everyone walked away knowing that through collaboration, we can help make the mobile industry safer.

In July, we continued to show our support for the security research community by sponsoring the annual Black Hat conference in Las Vegas. We support dozens of conferences every year, but Black Hat is one of the largest gatherings of the research community in the world. This year, there was definitely an increased focus on mobile security and a lot of great presentations highlighting the need for the industry to continuously improve our understanding and monitoring of the threat landscape.

As the mobile threat landscape continues to evolve, it is imperative that we remain committed to advancing research and technology that will help bolster the security of not only our customers, but also the entire industry.

To further demonstrate our support for mobile security research and our passion for helping to fortify the industry, RIM® is sponsoring the Mobile Pwn2Own competition at EUSecWest in Amsterdam on September 19th and 20th. Due to the prizes available (including BlackBerry® PlayBook™ tablets), we expect to see some cutting edge research as contestants focus on finding weaknesses in mobile web browsers, Near Field Communication (NFC), Short Message Service (SMS), and cellular baseband.

We are looking forward to the contest because it offers a safe environment for direct collaboration, and the details of the research are only discussed with the affected vendors. This means that customers are not put at risk while vendors work with researchers to address any issues that are uncovered. Sponsoring this contest is another logical step toward BBSIRT advancing the technologies that continue to help us deliver the unique level of security that our customers depend upon.

In addition to our collaboration with the security community, we are also focused on how RIM can help influence and support security throughout IT infrastructures. As a result, we are pleased to announce that we became a member of the Industry Consortium for Advancement of Security on the Internet (ICASI). ICASI fosters an open dialogue between industry leaders in information technology (IT) to address multi-product security challenges and to better protect the IT infrastructures that support the world’s enterprises, governments and citizens.

Our industry is no longer facing threats that are isolated to a single platform or technology. The focus areas for Mobile Pwn2Own highlight that the vulnerabilities discovered will likely cross platforms, and therefore, these emerging threats emphasize the need for associations like ICASI to help bridge the gap for the common good of everyone on the Internet.

As September approaches, we are eagerly awaiting the kickoff of the Mobile Pwn2Own competition. In the meantime, our collaboration efforts are ongoing. If you have security research you would like to discuss with us, we would love to hear from you at secure@rim.com.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus