BlackBerry Explains the Impact of KRACK Vulnerability on BlackBerry Products

 

Recently, a Wi-Fi vulnerability known as KRACK has been making some headlines. This Wi-Fi vulnerability is an exploit that attacks the handshake of WPA2 protocol that is used to protect your Wi-Fi network.

Many have been wondering what impacts this has on BlackBerry device. Today, BlackBerry has announced the impact that KRACK has had on BlackBerry devices.  As per BlackBerry, updates are already being rolled out to BlackBerry Android devices as we speak. Some devices should have already received these updates actually. The update is built into the October Security update that is being rolled out.

Summary of impact on BlackBerry products

BlackBerry powered by Android smartphones

BlackBerry investigated the impact to its products and determined that BlackBerry powered by Android smartphones are affected by the following vulnerabilities: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.

An updated software build to remediate these issues has been included in BlackBerry powered by Android builds identified by the Build numbers AAQ280, AAQ281, or AAQ289.

  • For customers with BlackBerry powered by Android smartphones purchased through ShopBlackBerry.com, BlackBerry has begun making the fix available and will continue to deploy builds as they become available.
  • For customers with BlackBerry powered by Android smartphones not purchased directly from BlackBerry, please consult your carrier or licensed manufacturer.

BlackBerry Enterprise products

Our enterprise solutions, including BlackBerry UEM, BlackBerry Dynamics, BBM Enterprise or BlackBerry Workspaces do not assume that the network used to carry the data is trustworthy, and therefore a weakness in the Wi-Fi protocol used as part of that network does not impact these solutions. Further, communication between UEM and devices is protected by additional layers of encryption. Please see Protecting data in transit in the BlackBerry UEM Security Note.

Actions for customers

BlackBerry recommends that all users of BlackBerry powered by Android smartphones should update to a build that contains the fix, as identified above, as soon as it is available. There is no action necessary for users of BlackBerry UEM, BlackBerry Dynamics, BBM Enterprise or BlackBerry Workspaces.

It is great to see BlackBerry take such quick action with this security threat. While not mentioned, I am pretty certain BlackBerry 10 devices have not been affected by this threat but we are reaching out to BlackBerry for further clarification.

The following two tabs change content below.

Brad

Editor in Chief at BerryReporter
Brad is the Editior-in-Chief for berryreporter.com and he is a BlackBerry abuser. He loves to share his news and knowledge in the BlackBerry world through his post and his Podcast "The Berry Report". When he is not using a BlackBerry device he likes to play video games, watch movies ,tv shows, sports, or exploring other mobile platforms. Feel free to follow him on twitter @BlackBerryBrad or Add him to BBM Pin:BBBrad

Leave a Comment