Skip to main content

RIM: turn off JavaScript on your BlackBerry

Research In Motion is urging BlackBerry users to disable JavaScript on their devices following the public reveal of an exploit during last week’s Pwn2Own contest at the annual CanSecWest security conference. The hack springs from a vulnerability in the WebKit browser rendering engine used in BlackBerry Device Software version 6.0 and later.

Any data stored the device’s media card and built-in media storage is in danger of being accessed, though e-mail, calendar and contacts data are safe, according to a RIM security advisory. Application data on a BlackBerry is stored separately, alongside the app itself, and the exploit is apparently unable to access anything saved on that level.

RIM notes in its advisory that “the exploitation of the vulnerability was performed at the Pwn2Own 2011 contest and is publicly known.” Though the security hole was demonstrated at the event, there have been no reports to the BlackBerry Security Incident Response Team that the hack has been successfully exploited outside the closed Pwn2Own setting.

That said, the vulnerability exists and caution is advised. At the most basic level, RIM recommends that all BlackBerry users be cautious about which websites they browse to until the issue has been addressed. The company also recommends disabling JavaScript on your BlackBerry’s web browser, noting that “the issue is not in JavaScript but the use of JavaScript is necessary to exploit the vulnerability.” The method for turning off the service may vary by phone, but the basic idea is simple: open your browser, select “Web Content” in the options menu and uncheck the “Enable JavaScript” box.

Editors' Recommendations