RIM Fixes PlayBook Flaw, Jailbreakers Find Bypass

Less than a day after Research in Motion (RIM) patched a flaw that allowed users to jailbreak the PlayBook, hackers have found another security hole to exploit.

On 5 December, a team of hackers, led by “Neuralic”, released Dingleberry, a jailbreak tool, to make it easier for users to jailbreak their own PlayBook tablets in order to gain root access on the device. The team had initially posted a video demonstrating a successful jailbreak a few days earlier.

No safety guarantees

One of the things users could do with the jailbreak was to access the Android Market and download applications onto the tablet. While RIM is building Android support in PlayBook OS 2.0, users willing to hack the tablet’s OS could take advantage of the hundreds of thousands of applications on the Android Market without waiting for the OS update.

“You shouldn’t be able to do any permanent damage, but make sure to back up before playing with anything,” Neuralic warned, adding, “I take no responsibility for damage to your device.”

Jailbreaking smartphones is not illegal, as the Electronic Frontier Foundation won an exemption from the United States Copyright Office to protect users back in 2009. The EFF is currently requesting similar exemptions to the Digital Millennium Copyright Act to allow users to jailbreak video game consoles and tablets.

RIM released an over-the-air update on 6 December to fix the flaw, but within hours of the patch, there was an updated version of Dingleberry available, exploiting a completely different flaw. The initial flaw exploited the fact that backups taken by the BlackBerry Desktop Manager aren’t digitally signed, according to a report on CrackBerry.com.

The program makes a local backup of the entire device, but since it isn’t signed, it is possible to exploit file permissions and inject code into files and change the backup image, according to the site. CrackBerry claimed to have warned RIM about the exploit back in April when the tablet was first released.

Undisclosed flaw

It’s not yet known what kind of a flaw is being exploited by the updated Dingleberry tool.

RIM said the jailbreak exploited a security flaw in PlayBook’s operating system, based on software from QNX, and that the company’s BlackBerry smartphones were not vulnerable. However, upcoming BlackBerry smartphones are expected to run on the same operating system as the PlayBook.

Hacking RIM’s products is notoriously difficult, as the company prides itself on using strong encryption and rigorous security testing. The PlayBook was awarded FIPS certification, a government-grade security certification, by the National Institute of Standards and Technology earlier this year, making it the only tablet to date to have achieved it. FIPS certification is required for all devices being used within the federal government.

The cat-and-mouse game RIM is playing with hackers is similar to Apple’s own experiences with the jailbreaking community. Even Amazon is discovering how quickly the community can find flaws and update its tools. A group of hackers released a jailbreak tool shortly after the Kindle Fire source code was released last month. Users who rooted Amazon’s tablet were able to get the Android Market application, Calendar and Gmail running on the Kindle Fire.

Amazon released a required software update to block the jailbreak tool from running, but the hackers in the XDA community were able to circumvent the patch and release an updated exploit using the same software.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.
