How we manage BlackBerry jailbreak issues



I’m Adrian Stone, and I am the Director of the BlackBerry Security Incident Response Team (BBSIRT) here at Research In Motion. The BBSIRT is responsible for responding to potential security issues and investigating vulnerability claims that may impact RIM’s products. Security is a priority for our customers, and that’s why I’ll be contributing regularly to this blog. For my first post, I want to provide some insight into how we investigate and respond to jailbreak-related reports.

“Jailbreaking”, or gaining root access to a device, has become common place in both the mobile and gaming industries. Essentially, gaining this deeper level of access to the core functions of the device allows the user to do things not originally intended by a manufacturer, such as install software outside of “official” channels. Unfortunately, gaining this level of root access may increase the security risk. For this reason, most device manufacturers, including RIM, strongly discourage jailbreaking while understanding that whole communities exist for just that purpose. At RIM, we take these issues very seriously. Let’s walk through how we assess and respond to jailbreaking reports.

From a user perspective, there are two primary ways to jailbreak a device. First, there is the method where the user voluntarily makes changes that require: a) the device to be tethered to a computer; b) access to an authorized user account on the device; and c) may even require the user to make changes to the device’s default settings by putting it into developer mode (which can also compromise security). This method cannot be used by remote attackers to compromise user data or the integrity of the device as it requires both possession of the device and valid user credentials for the device. The second method involves less interaction on the user’s part. For example, a software bug may be exploited from a web page to gain root access to any mobile device and not require any interaction from the user except visiting the page.

On hearing reports of a jailbreak for a BlackBerry® product, the BBSIRT will quickly triage the underlying issue and method used to perform the jailbreak. If it falls into the first category, where extensive user interaction is required, we will seek to address it in a future software update. If it falls into the second category (where a vulnerability is exposed with little to no user interaction), that is an indication of a more serious underlying issue and will most likely result in the release of a security update to address it as soon as possible. When this happens, my team publishes a security advisory or notice. These notifications typically offer an assessment of the issue and the required steps customers should take to resolve the vulnerability.

To be clear, RIM recommends against installing any jailbreaking tool. Customers who use a jailbreaking tool on BlackBerry products void the manufacturer warranty and also increase the long-term risk of negatively impacting the stability and user experience of their BlackBerry products. Use of a jailbreaking tool could also amplify the impact and severity of a future security issue, making your personal data more vulnerable to theft and more difficult to protect. If new jailbreaks for BlackBerry products are reported, rest assured that we will evaluate them and take appropriate action to help protect customers.

But the best actions you can take to protect your BlackBerry products are also pretty simple to follow: 1) keep your BlackBerry software up to date; 2) don’t install jailbreaking tools; and 3) don’t install software from unauthorized or unverified sources.

I look forward to your questions and feedback, so please submit a comment below. The BBSIRT and I promise to read each one and comment back where possible.

Join the conversation

Show comments Hide comments
+ -
  • RIM lays out policy on jailbreaking (hint: don’t do it) - Liliputing

    […] BlackBerry Security Incident Response Team director Adrian Stone provided some details about how the company prioritizes those security fixes […]

  • RIM Says Jailbreaking Your PlayBook Will Void Your Warranty » Geeky Gadgets

    […] You can find out more details over at the BlackBerry for Business Blog. […]

  • RIM says that Playbook jailbreak voids warranty, "lowers stability and user experience" of BlackBerry products |

    […] Inside BlackBerry for Business Blog Via: The Verge […]

  • RIM Officializes Stance Against Jailbreaking - MMA And Fighters News

    […] about it. Yet it’s constantly in the news because it is, in fact, a philosophical conflict. RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post […]

  • RIM clarifies its stance on Playbook jailbreaking

    […] a post on RIM’s Inside BlackBerry for Business Blog, Adrian Stone, the Director of the BlackBerry Security Incident Response Team (BBSIRT), explained […]

  • RIM Advises Customers Not to Jailbreak BlackBerry Products - OnlyGizmos

    […] In a post by Adrian Stone, Director of BlackBerry Security Incident Response Team (BBSIRT), on the official blog of RIM, stated that the company advises its customers against installing any jailbreaking tool on […]

  • BoreroNews - RIM Officializes Stance Against Jailbreaking

    […] RIM has posted an official response to the habit of jailbreaking BlackBerry devices, particularly PlayBooks, though the post doesn’t mention the product by name. Probably because it would be hard to argue against users creating functionality for the device that should have existed there in the first place. […]

blog comments powered by Disqus