By Marcus Leach
Following the first independent security review of the BlackBerry PlayBook, NGS Secure, an NCC Group company, is advising businesses to exercise caution when planning the integration of RIM's tablet into their operations while some of its key technologies are still being implemented.
NGS Secure's team of experts have reviewed many aspects of the device's security and, in the first of a series of reports, revealed several flaws that may impact the security of the device.
The issues identified include unintended access to the file system, security flaws in relation to a third party web server and also a flaw in the device's HDMI video interface, which was discovered using a bespoke hardware-based video protocol fuzzer, created by NGS Secure specifically for this project.
However, more of an issue for businesses is the fact that the security of the product is in reality unknown as many of the key applications are yet to be released.
"In my opinion, and from the results of our research, there are a number of technologies that I'm sure RIM would have liked to include in this version of the PlayBook. However, these did not appear to be ready in time for the release date," Andy Davis, research director at NGS Secure, commented.
"The decision to release the device with some of this functionality missing is likely to have been made due to the speed of its competitors in getting rival tablets to market, for example Apple had already released the iPad 2 before the PlayBook was finally made available.
"This has meant however that, if businesses are to take IT security as seriously as they should be, it is difficult for them to decide whether this technology is mature enough yet to be adopted in the Enterprise.
"Our advice to any business looking at tablet technology, or indeed any new technologies, is not to rush into implementing them until all aspects have been proven."
NGS Secure has made RIM aware of the findings of this research and they are making changes to address the vulnerabilities identified.
This report follows the research conducted by iSEC Partners, an NCC Group company based in the US. These investigations found Apple’s OS to be lagging behind that of its competitors and, whilst Apple’s security proved more robust against the initial stages of an advanced persistent threat (APT) attack, once a hacker has gained access to a network, Apple’s server protocols make it easier to roam around the network, increasing their level of authorised access and leaving user’s exposed to greater potential risk.
The second part of NGS Secure's independent security review of the PlayBook is planned for release in September.
Join us on