A recent BlackBerry Security Advisory informed users of a remote code execution vulnerability (CVE-2014-1468) that affects BlackBerry 10 smartphones running OS versions earlier than version 10.2.0.1055.
As described in the advisory, an attacker could exploit the vulnerability by sending a specially crafted message over a Wi-Fi network to the qconnDoor service running on the smartphone. The flaw can only be exploited if the user has enabled development mode on a smartphone connected to a Wi-Fi network. Development mode isn't enabled by default on BlackBerry 10 smartphones, so this requirement demands significant interaction with the targeted device.
“BlackBerry customer risk is limited by the inability of a potential attacker to force exploitation of the vulnerability without significant customer interaction or having physical access to the smartphone.”
The attack exploits a stack-based buffer overflow vulnerability in the qconnDoor service, which BlackBerry 10 OS implements to provide developer access, such as shell and remote debugging capabilities, to the smartphone.
“Successful exploitation of this vulnerability could potentially result in an attacker terminating the qconnDoor service running on a user’s BlackBerry smartphone. In addition, the attacker could potentially execute code on the user’s BlackBerry smartphone with the privileges of the root user (superuser).”
Exploitation of the vulnerability allows an attacker to execute code with superuser privileges.
The attack scenario above is not the only one: an attacker could also succeed by connecting the targeted mobile device to a computer with a USB cable and sending the malicious messages to the qconnDoor service.
blackberry-connect is a tool available in the BlackBerry Network Development Kit (NDK) that provides SSH connectivity to the BlackBerry 10 smartphone. As explained in the advisory, if the service is already connected using blackberry-connect, it is impossible for an attacker to compromise the qconnDoor service over Wi-Fi or USB.
The advisory invites users to install the latest software update to protect affected BlackBerry 10 smartphones and provides a few suggestions to mitigate the vulnerability:
(Security Affairs – BlackBerry 10, mobile)