We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

BlackBerry users get patch for phishing flaw

Site certificate bug fixed by security update

Research In Motion has released a BlackBerry patch that fixes a display flaw that could help phishers conduct an attack.

The flaw involves the dialog box that displays when a BlackBerry user visits a supposedly secured site that uses a mismatched security certificate. If a scammer creates a certificate that uses hidden characters, the BlackBerry browser will correctly recognise a mismatch between such a certificate and a website's name and display a warning dialog.

However, the old dialog doesn't display hidden characters, which could make the certificate and site name look the same in the warning and lead users to ignore it.

The new version will correctly display hidden characters in the dialog box. For screenshot examples of the old v. new dialog boxes, along with further details, see RIM's security advisory. According to that post, all versions of the BlackBerry Device Software need the patch, which is available from http://www.blackberry.com/updates/.

See also:

BlackBerry reviews

RIM BlackBerry Storm 2 review


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...