RIM lays out policy on jailbreaking (hint: don’t do it)

BlackBerry maker Research in Motion sells a lot of products to business clients, so it’s no surprise that security is a key feature. So when people figure out how to jailbreak a device such as the BlackBerry PlayBook by exploiting a security hole in the software, it’s not surprising that RIM moves to patch that hole.

DingleBerry

Today BlackBerry Security Incident Response Team director Adrian Stone provided some details about how the company prioritizes those security fixes though.

Jailbreaking a device allows you to access files and settings that would otherwise be hidden, allowing you to run apps that may not be officially supported and allowing the device to work in ways that the developers of the operating system may not have intended.

There are basically two methods for jailbreaking a device. The first requires physical access to the phone or tablet since you need to connect it to a computer with a cable and maybe to change settings on the device. The second method could rely on an exploit in the web browser or other software on the device to that when you visit a website your device is jailbroken.

Stone says the BBSIRT takes both types of jailbreak seriously, but that the team will probably only rush a security update if the latter type is found since it poses a much greater security risk. After all, if you can jailbreak your device just by visiting a website, what’s to stop someone from posting code on their site that jailbreaks your device without your knowledge and then steals your data?

On the other hand, since there’s not much risk of you accidentally jailbreaking your device by tethering it to a computer, putting it into developer mode, and downloading and running a jailbreak utility, RIM puts a somewhat lower priority on patching that sort of exploit.

But they will patch those exploits. They’ll just typically roll the fix into a larger software update and offer it in the future.

That’s exactly what happened when BlackBerry PlayBook OS 2.0 was released recently. Users had been able to jailbreak the BlackBerry PlayBook tablet running OS 1.0 and even early versions of PlayBook OS 2.0 beta using a tool called DingleBerry. But DingleBerry 3.3.3 and earlier don’t work with the latest version of the tablet operating system.

The developers behind DingleBerry are working on a new version which may be able to jailbreak PlayBook OS 2.0. But once DingleBerry 4.0 is released, the clock will be ticking and it will only be a matter of time before RIM patches whatever security vulnerabilities it relies on.

  • http://www.facebook.com/tracy.cooperjr Tracy Cooper Jr.

    Double post

  • http://www.facebook.com/tracy.cooperjr Tracy Cooper Jr.

     You know what? Google, Apple, and RIM could help themselves out a lot by allowing Root or Jailbreaking or whatever without needing to hack into the system ourselves. Just as an example, if users were able to get root on an android device by installing a certificate or entering a long string then there would be no reason for the people hacking the system to keep their methods a secret. They could do it and know that telling Google about the flaw wouldn’t mean they now have to find another way to get the same access. Why can’t these companies see this? People want to be able to do what they want with the device they purchased.

  • http://www.facebook.com/mr.e.cameron Earl Cameron

    why be locked down?

    • CyberGusa

       RIM especially caters to the Enterprise consumer base, which puts a high premium on security and stability.

      So to them any vulnerabilities are a threat to providing that security reliably to avoid things like corporate espionage, etc.

      Other companies do it for similar reasons like extra protection for things like DRM to prevent piracy and other concerns.

      Problem is many in the industry are a bit paranoid about how possibly ineffective existing security measures are for ARM based devices and that tends to push arguably a little overkill on devices that shouldn’t need that level of security.  Though some are willing to allow it under certain conditions but at user risk.

  • Someone

    Hmm.  Good move for the Enterprise…  Not that they have much penetration there with the Playbook at least.  Not such a great move for the tiny percentage of users who jailbreak their devices.  

    That said, I’d agree with one thing.  If a website can jailbreak your device, then it is NOT safe, and you should NOT use it for anything even remotely sensitive.  The only thing keeping your data safe at that point is hacker apathy which is a bad thing to count on.

  • darkseider

    This is why RIM doesn’t sell many Playbooks at all.

    • CyberGusa

       I would disagree, much of the issues with the Playbook was bad marketing, lack of a developed app ecosystem, lack of accessories, initial handicapping by tying certain functions to requiring use of a Blackberry phone, and the initial pricing that left many to wonder on the investment cost compared to more well known tablet makers.

      While security is generally consider a good thing and most people never jailbreak or root their devices.

      Many of the issues have now been solved with the lower pricing and OS 2.0 update but it remains to be seen if this is too little too late or not.  Though it means at least the Playbook has a fighting chance in the market but still needs to get past a lot of the negative pre-conceptions many people have developed about it and the fact it’s no longer a top of the line product for 2012.

  • trent folk

    Dear RIM

    Enable USB support and I won’t have to jailbreak my playbook.
    I agree with what Tracy said in the last line of his post.

    • CyberGusa

       I agree that they should do this, the hardware definitely supports it.

      While I think they will, the new management definitely seems to be better than the previous and making better decisions.  The new mini keyboard accessory being one of the new things that were long over due and a possible sign of more such accessories coming and that in turn means a higher likelihood that they’ll enable better USB support.

      Besides, they’re on record that they have every intention of continuing to improve the OS from now till BB10.

  • Balln

    Enable usb
    and give me the android launcher you promised and I have no need to jailbreak!
    My playbook sucks, only due to the fact the rim wants me to use their limited apps,
    even then it closes apps unexpectedly, new mail app is painfully slow to load, my android phone is a much smoother and useful media device.
    Even something as trivial as a mag app like zinio barely works and is limited content. I am going to literally chuck my in the bin. The only reason they had new sales is due to the price drop and the promise of an HCL launcher! It is a great piece of hardware if you are a part of a company board meeting but blows as a personal media device thanks to the tools at rim who want to secure the world for our own protection! Lame company! Phones suck! and now so does the tab!

    • CyberGusa

       The 2.0 OS update does allow running of Android apps, they’re just run like regular PB apps instead of in a separate VM like app, and the list of officially accepted apps is just limited because not all apps will work and RIM is filtering what will through their app store.

      However, there are apps that can be side loaded and there are topics showing how to do so on sites like crackberry, etc. along with lists user experiences on what apps work and whether any are still buggy and may be better to wait for a official PB release.

      In terms of speed, I think that may be a issue with your unit or the way you’re using it because I’ve used it on my dad’s PB and it’s given neither him or me any issues.  While my Android apps are usually more problematic.

      The web browser especially is much better than the browsers I’ve tried on either iOS or Android devices. I can even go to Amazon Instant video and log into my Prime account to watch the available free videos or purchase and watch anything in their collection.

      While Zinio is a known problematic app for now, they themselves said they will have to continue to improve the app for the PB.  Though some consumer feedback indicates they have some issues providing a bug free app on any platform.