Elevation of privilege vulnerability in file sharing capability impacts the BlackBerry PlayBook tablet software

Article ID: KB29191

Type:   Security Advisory

First Published: 12-06-2011

Last Modified: 01-19-2012

 

Product(s) Affected:

  • BlackBerry PlayBook tablets
Collapse Products
ExpandAffected Software
BlackBerry® PlayBook™ tablet software version 1.0.8.4985 and earlier
ExpandNon Affected Software
BlackBerry PlayBook tablet software version 1.0.8.6067 or later
ExpandAre BlackBerry smartphones and the BlackBerry Device Software affected?
No.
CollapseIssue Severity
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 7.2.
CollapseOverview

A vulnerability that could allow elevation of access privilege on a BlackBerry PlayBook tablet exists in the BlackBerry PlayBook service used to share files over a USB connection between the tablet and a computer running BlackBerry Desktop Software. This vulnerability cannot be exploited by a remote attacker and it presents a low security risk of elevation of privilege attacks against BlackBerry PlayBook tablet users. RIM is not currently aware of this issue being used in attacks against BlackBerry customers.

A user could execute specially crafted code to use this vulnerability to manipulate a BlackBerry PlayBook backup archive file and alter a specific configuration file in order to gain root user privileges (access to system administration-level functionality) on the BlackBerry PlayBook tablet. An individual attempting to use this vulnerability to gain root privileges to the BlackBerry PlayBook tablet requires local access to both the tablet and to the connected computer running BlackBerry Desktop Software, including knowledge of any security passwords that are set.

ExpandWho should read this advisory?
  • BlackBerry PlayBook tablet users
  • IT administrators who deploy BlackBerry PlayBook tablets in an enterprise
ExpandWho should apply the software fix(es)?
  • BlackBerry PlayBook tablet users
  • IT administrators who deploy BlackBerry PlayBook tablets in an enterprise
ExpandRecommendation

Complete the resolution actions documented in this advisory. RIM recommends that all users apply the available software update to fully protect their BlackBerry PlayBook tablet.

ExpandReferences
CVE® Identifier: CVE-2011-0291
CollapseProblem

If the BlackBerry PlayBook tablet user turns on the File Sharing option, the user can share files over an active USB connection between the tablet and a computer that is running BlackBerry Desktop Software. The user can use the BlackBerry Desktop Software to create a backup archive file of part of the contents of the BlackBerry PlayBook file system. The archive file is stored on the connected computer.

A user with local access to the tablet and the computer could use the vulnerability to manipulate a BlackBerry PlayBook backup archive file and alter a File Sharing service configuration file in order to gain root user privileges on the BlackBerry PlayBook tablet. As best practices, users should set a strong BlackBerry PlayBook tablet password, and also set a password to protect shared files when enabling file sharing.

ExpandImpact

A successful exploitation of the vulnerability would allow a user to alter his or her BlackBerry PlayBook tablet software in order to obtain access to systems or applications not officially authorized or distributed by RIM. As a result, the user could unknowingly bypass security controls protecting the BlackBerry Tablet OS and his or her user data. Those protections are provided by design to a user running with standard privileges. Under the conditions of the compromise, the tablet could be more susceptible to performance and stability concerns, and could be at higher risk for potential security vulnerabilities against which the user would otherwise be protected.

Mitigations

RIM recommends that all users apply the available software update (BlackBerry PlayBook tablet software version 1.0.8.6067) to fully protect their BlackBerry PlayBook tablet. However, prior to the software update being applied, the risk of exploitation is mitigated by the fact that the user can only exploit the vulnerability locally on a BlackBerry PlayBook tablet while having access to the BlackBerry PlayBook backup file on a computer that is connected to the tablet over USB.

CollapseResolution

RIM has issued BlackBerry PlayBook tablet software version 1.0.8.6067 which resolves this vulnerability on affected versions of the tablet. Update your BlackBerry PlayBook tablet software to version 1.0.8.6067 or later to apply the update.

Note: This BlackBerry PlayBook tablet update includes all previously released security updates to the BlackBerry Tablet OS.

Update by Accessing the Software Update Notification

Your BlackBerry PlayBook tablet uses notifications to keep you informed about software updates. When a new software update notification comes in, it appears in the BlackBerry PlayBook status ribbon at the top of the screen.

Simply view your notifications and follow the steps to access the latest software update notification and complete the software update.

Manually Check for Software Updates

  1. From the home screen, tap  to open Options.
  2. Tap Software Updates.
  3. Tap Check for Updates.

After you update your software, the screen will indicate that you have installed BlackBerry Tablet OS version 1.0.8.6067 or later.

CollapseWorkaround

All workarounds should be considered temporary measures for customers to employ if they cannot install the update immediately or must perform standard testing and risk analysis. RIM recommends that customers without these requirements simply install the update to secure their systems.

Encrypt backup files

If a user chooses to create a backup of the BlackBerry PlayBook tablet, the user should select the Encrypt backup file check box during the backup process to encrypt the backup file. For more information, see Backup smartphone or tablet data in the BlackBerry Desktop Software User Guide

Related best practices

  • To ensure the security of user data, users should store their backup files securely, whether they choose to encrypt them or not.
  • To increase the difficulty of decrypting a backup file, users should always use a strong password to encrypt the data. A strong password has the following characteristics:
    • includes punctuation marks, numbers, capital and lowercase letters
    • does not include the user name, account name, or any word or phrase that would be easily guessed
    • is not the same as the BlackBerry PlayBook tablet password
CollapseAdditional Information

Have any BlackBerry customers been subject to an attack that exploits this vulnerability?

RIM is not aware of any attacks on or specifically targeting BlackBerry PlayBook tablet users.

How would an attacker exploit this vulnerability?

An individual attempting to use this vulnerability to gain root privileges to the BlackBerry PlayBook tablet requires local access to both the tablet and to the connected computer running BlackBerry Desktop Software, including knowledge of any security passwords that are set. A local user could execute specially crafted code to use this vulnerability to manipulate a BlackBerry PlayBook backup archive file and alter a specific configuration file in order to gain root user privileges (access to system administration-level functionality) on the BlackBerry PlayBook tablet.

What component does this vulnerability affect?

This vulnerability affects the file sharing capability of the BlackBerry PlayBook tablet.

What risks might a user incur by exploiting this vulnerability on his or her tablet?

A successful exploitation of the vulnerability would allow a user to alter his or her BlackBerry PlayBook tablet software in order to obtain access to systems or applications not officially authorized or distributed by RIM. As a result, the user could unknowingly bypass security controls protecting the BlackBerry Tablet OS and his or her user data. Those protections are provided by design to a user running with standard privileges. Under the conditions of the compromise, the tablet could be more susceptible to performance and stability concerns, and could be at higher risk for potential security vulnerabilities against which the user would otherwise be protected.

Does the BlackBerry PlayBook tablet force me to update my software?

No, your action is required to update the software. Your BlackBerry PlayBook tablet uses notifications to keep you informed about software updates and allows you to easily complete a software update. You can also manually check for software updates. See the Resolution section of this advisory for steps to update your software.

How can I find out what version of BlackBerry Tablet OS I am running?

From the home screen, tap the Settings icon, tap About, and view the OS Version field in the General settings.

Are new (still in the box) BlackBerry PlayBook tablets exposed to this vulnerability?

No. During the initial setup process, the BlackBerry PlayBook tablet will download and install the latest version of the BlackBerry Tablet OS, which will be version 1.0.8.6067 or later. The fix for this vulnerability is included in all future versions of the BlackBerry PlayBook tablet software.

What is CVE?

Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (CVE Identifiers) for publicly known information security vulnerabilities maintained by the MITRE corporation.

What is CVSS?

CVSS is a vendor agnostic, industry open standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS for vulnerability assessments to present an immutable characterization of security issues. RIM assigns all relevant security issues a non-zero score.

Where can I read more about BlackBerry PlayBook security?

Read the BlackBerry PlayBook Security Technical Overview for more information on security features in the BlackBerry PlayBook tablet.

Where can I read more about the security of BlackBerry products and solutions?

Visit http://www.blackberry.com/security for more information on BlackBerry security.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.