BlackBerry Messenger and Secure Work Space affected by Heartbleed security flaw in OpenSSL

Security updates planned for BlackBerry Messenger and Secure Work Space - but most BlackBerry services don't use OpenSSL, says company

BlackBerry, the maker of security-hardened smartphones, is the latest vendor to be affected by the Heartbleed bug in the OpenSSL stack.

BlackBerry senior vice president Scott Totzke has said that the company needs to update Secure Work Space corporate email, as well as BBM for Google Android and Apple iOS, as a result of the Heartbleed bug. Patches will be rolled out shortly, he added, while the company has issued an advisory.

Totzke described the level of risk as "extremely small" because BlackBerry smartphones have added security that restricts access to data on the device. Furthermore, BlackBerry does not use OpenSSL in the majority of its services and the core BlackBerry platform is therefore unaffected by the bug.

In a statement, BlackBerry said: "BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue."

However, many other mobile applications will also be at risk because of the widespread use of OpenSSL - as well as, perhaps, mobile device management (MDM) software. Other organisations that have warned of risks arising from the Heartbleed bug include Cisco Systems, Juniper Networks, IBM, Oracle and Red Hat.