RIM's PlayBook Security Patch Doesn't Last LongResearch In Motion hoped to close a security breach with a software update to its PlayBook tablet, but coders cracked the patch in only a few hours.
Research In Motion provided a system update to the BlackBerry PlayBook tablet late Tuesday. According to the changelog, the primary purpose of the update was to plug a security hole being exploited by the Dingleberry Playbook jailbreak tool.
The log said that version 188.8.131.5267, which is only 5 MB in size, "offers support for Flash 10.3 and updates to Adobe AIR to support developers in addition to DST and security fixes."
Researchers had recently released a tool--called Dingleberry--that unlocks the PlayBook, a first for RIM's tablet, which included government-grade security features. Once unlocked, PlayBook users are granted access to the entire PlayBook codebase, allowing them to do a lot more with it than through the generally available tools.
For example, the Android Market--and its hundreds of thousands of apps--is available for the first time on the PlayBook. While RIM is still developing PlayBook OS 2.0, which will bring support for Android apps in an emulator, impatient PlayBook owners can dive in now if they don't mind cracking the tablet's code. (The patch isn't yet available to developers already using the PlayBook OS 2.0 beta.)
[ No doubt, RIM's had a bad year. Will RIM Make It To 2013? ]
RIM responded to the news of a jailbreak for its beleaguered tablet. "RIM will follow its standard response process to develop and release a software update that is designed to minimize adverse impact to our customers or carrier partners," RIM said in a statement last week. "RIM is aware that the security researchers have stated they intend to release a tool to jailbreak the BlackBerry PlayBook tablet. If such a tool is released, RIM will investigate it."
As stated, the security patch was able to close up the breach discovered by the Dingleberry developers--but not for long.
Chris Wade, one of the researchers behind the rooting tool, released a new version of Dingleberry that uses a different exploit to punch through the PlayBook's security to achieve jailbreak.
RIM has yet to make any statements about the new jailbreak, but surely it is cursing and already looking at ways to plug the new hole.
Earlier this year, the PlayBook was awarded FIPS certification by the National Institute of Standards and Technology (NIST). It is the only tablet that has received this level of security certification.
FIPS certification is required for devices to be used by the federal government. This clears the PlayBook for use by government agencies, and means the PlayBook meets RIM's own stringent security requirements for features such as native email and contact management.
RIM has to stand by the PlayBook, especially with respect to security. I'd expect RIM to distribute a new security update as quickly as it can.
Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks--accidental and otherwise. Also in the new, all-digital Dark Reading supplement: Why user provisioning isn't as simple as it sounds. Download the supplement now. (Free registration required.)