Waterloo, ON. A statement from the Waterloo, Ontario-based company says investigations have found no problems from Heartbleed on BlackBerry smartphones and servers, which are ‘fully protected from the OpenSSL issue.’
A representative for BlackBerry was unable to confirm whether BlackBerry would issue a software update to fix the security issues with BBM on Android and iPhone devices. BlackBerry says Android and Apple iPhone devices running the chat software BlackBerry Messenger face an ‘extremely small’ risk from the Heartbleed software bug. The bug is caused by a flaw in OpenSSL, software that is used on the Internet to provide security and privacy.
BBM, or BlackBerry Messenger, was originally created for the company’s own products, but BlackBerry released software that made the app available to users on Android and iPhone devices. The versions that run on non-BlackBerry smartphones don’t have the same security standards as a phone connected to its enterprise servers. Those servers are the backbone of the company’s security features.
But it warned that hacker attacks were possible on these other versions of BBM, although they would be ‘extremely difficult to execute,’ requiring a so-called “man in the middle” attack, in which an attacker intercepts data from a device before it reaches its destination server, or picks off traffic as it moves between different devices and networks. An attack would grab the traffic and literally steal my username and password from that exchange. It’s literally standing between you and the system you want to access and stealing the credentials as you enter them.
Canada Revenue Agency affected.
The vulnerability posed by Heartbleed came to public attention this month but researchers say it may have existed for years. Security experts say Heartbleed may undermine security features of websites and networking equipment, but the extent of the damage isn’t known.
Canada Revenue Agency says it estimates the social insurance numbers of roughly 900 people were stolen from its systems through a six-hour breach before the CRA blocked public access to its online services last week.