BlackBerry Messenger and Secure Work Space affected by Heartbleed security flaw in OpenSSL

By Graeme Burton
14 Apr 2014 View Comments
Blackberry logo

BlackBerry, the maker of security-hardened smartphones, is the latest vendor to be affected by the Heartbleed bug in the OpenSSL stack.

BlackBerry senior vice president Scott Totzke has said that the company needs to update Secure Work Space corporate email, as well as BBM for Google Android and Apple iOS, as a result of the Heartbleed bug. Patches will be rolled out shortly, he added, while the company has issued an advisory.

Further reading

Totzke described the level of risk as "extremely small" because BlackBerry smartphones have added security that restricts access to data on the device. Furthermore, BlackBerry does not use OpenSSL in the majority of its services and the core BlackBerry platform is therefore unaffected by the bug.

In a statement, BlackBerry said: "BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue."

However, many other mobile applications will also be at risk because of the widespread use of OpenSSL - as well as, perhaps, mobile device management (MDM) software. Other organisations that have warned of risks arising from the Heartbleed bug include Cisco Systems, Juniper Networks, IBM, Oracle and Red Hat.

Reader comments
blog comments powered by Disqus
Newsletters
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

36 %
34 %
11 %
19 %