BlackBerry Messenger and Secure Work Space affected by Heartbleed security flaw in OpenSSL

By Graeme Burton
14 Apr 2014 View Comments
Blackberry logo

BlackBerry, the maker of security-hardened smartphones, is the latest vendor to be affected by the Heartbleed bug in the OpenSSL stack.

BlackBerry senior vice president Scott Totzke has said that the company needs to update Secure Work Space corporate email, as well as BBM for Google Android and Apple iOS, as a result of the Heartbleed bug. Patches will be rolled out shortly, he added, while the company has issued an advisory.

Further reading

Totzke described the level of risk as "extremely small" because BlackBerry smartphones have added security that restricts access to data on the device. Furthermore, BlackBerry does not use OpenSSL in the majority of its services and the core BlackBerry platform is therefore unaffected by the bug.

In a statement, BlackBerry said: "BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue."

However, many other mobile applications will also be at risk because of the widespread use of OpenSSL - as well as, perhaps, mobile device management (MDM) software. Other organisations that have warned of risks arising from the Heartbleed bug include Cisco Systems, Juniper Networks, IBM, Oracle and Red Hat.

Reader comments
blog comments powered by Disqus
Is it time to open Windows?

Computing believes that Microsoft will start offering Windows free of charge by 2017. Is this a good thing for the enterprise?

56 %
15 %
7 %
20 %
2 %