The scope of the HeartBleed security vulnerability continues to grow. First identified on servers running websites, its effects have spread now to other types of software and hardware including mobile devices. BlackBerry is now planning to release an update for its BBM for Android and iOS apps to address to address this issue after it came to light last week. It will also patch its Secure Work Space corporate email client.
On a positive note, BlackBerry has determined that most of its products, including BlackBerry smartphones and tablets are not affected by HeartBleed.
Speaking to Reuters, BlackBerry senior vice president Scott Totzke explained the impact of the issue for BlackBerry:
“The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.
“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.
Heartbleed is a security vulnerability found in the OpenSSL software commonly used to establish secure communications between devices. The flaw effectively allows a malicious attacker to obtain information such as private keys and passwords from the server that would compromise the security of the communication.
Given the scope of the vulnerability, it is likely that we will see more patches coming out from other developers and manufacturers in the days and weeks to come. In the meantime, changing passwords is strongly recommended, especially once you know that the website or app using the password has been patched for HeartBleed.
Source : Reuters