RIM lays out policy on jailbreaking (hint: don’t do it)
BlackBerry maker Research in Motion sells a lot of products to business clients, so it’s no surprise that security is a key feature. So when people figure out how to jailbreak a device such as the BlackBerry PlayBook by exploiting a security hole in the software, it’s not surprising that RIM moves to patch that hole.
Today BlackBerry Security Incident Response Team director Adrian Stone provided some details about how the company prioritizes those security fixes though.
Jailbreaking a device allows you to access files and settings that would otherwise be hidden, allowing you to run apps that may not be officially supported and allowing the device to work in ways that the developers of the operating system may not have intended.
There are basically two methods for jailbreaking a device. The first requires physical access to the phone or tablet since you need to connect it to a computer with a cable and maybe to change settings on the device. The second method could rely on an exploit in the web browser or other software on the device to that when you visit a website your device is jailbroken.
Stone says the BBSIRT takes both types of jailbreak seriously, but that the team will probably only rush a security update if the latter type is found since it poses a much greater security risk. After all, if you can jailbreak your device just by visiting a website, what’s to stop someone from posting code on their site that jailbreaks your device without your knowledge and then steals your data?
On the other hand, since there’s not much risk of you accidentally jailbreaking your device by tethering it to a computer, putting it into developer mode, and downloading and running a jailbreak utility, RIM puts a somewhat lower priority on patching that sort of exploit.
But they will patch those exploits. They’ll just typically roll the fix into a larger software update and offer it in the future.
That’s exactly what happened when BlackBerry PlayBook OS 2.0 was released recently. Users had been able to jailbreak the BlackBerry PlayBook tablet running OS 1.0 and even early versions of PlayBook OS 2.0 beta using a tool called DingleBerry. But DingleBerry 3.3.3 and earlier don’t work with the latest version of the tablet operating system.
The developers behind DingleBerry are working on a new version which may be able to jailbreak PlayBook OS 2.0. But once DingleBerry 4.0 is released, the clock will be ticking and it will only be a matter of time before RIM patches whatever security vulnerabilities it relies on.