CanSecWest: Latest BlackBerry 10 Security Research
Last week, I gave a talk at CanSecWest with Ben Nell of Accuvant Labs on some of our security research against the BlackBerry 10 mobile platform. Our presentation, No Apology Required: Deconstructing BB10, like our past BlackBerry PlayBook presentation, discussed some of the black-box style research we've conducted over the past year or so.
We found that many of our techniques and tactics for reverse engineering, attack surface enumeration, and vulnerability discovery were (unsurprisingly) quite similar to those we applied to the PlayBook (which generally makes sense, given the lineage of BB10).
Our presentation was primarily exploratory in nature, in that it focused more on methodology than on the issues we identified (most of which we were unable to discuss due to non-disclosure agreements).
We looked at BB10 from the ground up, including the OS itself (based on the QNX Real Time Operating System); some BB10-centric security enhancements and features (such as Balance); and the BB10 application model (unfortunately, we didn’t dive into hardware security too much for this particular presentation).
We also shared some interesting things we stumbled across while simply performing reconnaissance about BB10, such as internal bug reports and file dumps of pre-release firmware images!
If you’re interested in BB10, QNX, or just our general approach to looking at this black box, we encourage you to check out the slides below. We hope to eventually share some more information as this research continues, as well as scripts/tools we’ve developed, so stay tuned!