BlackBerry Ltd (NASDAQ:BBRY) (TSE:BB) is set to release updates for the security holes created by Heartbleed, an OpenSSL flaw recently uncovered by researchers earlier this month. This vulnerability is found in OpenSSL software programs which were designed to keep data secure across a variety of services including online shopping, banking, messaging, and content sharing.
Heartbleed’s potential risks
Hackers can use this flaw to communicate with the server, steal data, then vanish without a trace. OpenSSL’s engineer opened up last week explaining the problem was accidental and wasn’t malicious as others claimed. The vulnerability has been around for a while but there has yet to be a public reports of hackers.
CNET added, “A number of companies have issued patches to stem the problem, including Google Inc (NASDAQ:GOOG) (NASDAQ:GOOGL), Facebook Inc (NASDAQ:FB), YouTube, Yahoo! Inc. (NASDAQ:YHOO) and Pinterest. According to Reuters, BlackBerry Ltd (NASDAQ:BBRY) (TSE:BB) is now next on the list: BlackBerry senior vice president Scott Totzke said the company will need to update two popular products, Secure Work Space corporate email and BBM messaging program for Android and iOS.”
Totzke added that most BlackBerry Ltd (NASDAQ:BBRY) (TSE:BB) services don’t utilize OpenSSL; however, BlackBerry Messenger and Secure Work Space are vulnerable if cyber criminals access the applications through carrier networks or Wi-Fi. Right now, security patches are being released just in case although the risk is rather small.
Other OpenSSL apps at risk
According to security experts, other mobile applications with OpenSSL are also vulnerable. Lacoon Mobile Security’s Michael Shaulov believes apps that compete with BlackBerry in mobile device management are susceptible to hacks. He added, “It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices.”
Not surprisingly, government agencies and tech companies are taking strong precautions with the threat. Federal officials alerted businesses and financial institutions last week of the problem, warning the companies of potential hackers. Some tech companies such as Hewlett-Packard Company (NYSE:HPQ), Cisco Systems, Inc. (NASDAQ:CSCO), Oracle Corporation (NYSE:ORCL), Intel Corporation (NASDAQ:INTC), International Business Machines Corp. (NYSE:IBM), Red Hat Inc (NYSE:RHT), and Juniper Networks, Inc. (NYSE:JNPR) also alerted consumers of the risk.