August 2014 Archives

2014-08-12

CVE-2014-2388 - Storage and Access File-Exchange Authentication By-Pass

Summary

The Blackberry Z10 mobile phone offers a network service ("Storage and Access") for ad-hoc file-exchange between the phone and a network client. To achieve these goals, the mobile device deploys a Samba fileserver, which can be used to upload or download files to or from the Blackberry phone. To enable fileserver access from wireless networks, the user has to explicitly enable "Access using Wi-Fi" on the phone. Afterwards, the Z10 asks the user to enter a password that is required to get access to the fileserver. modzero identified an authentication by-pass vulnerability in the fileserver implementation of the password handling that is used on the Z10 [1]: The fileserver fails to ask for a password and allows unauthenticated users to obtain read and write access to the offered shares. The severity is considered medium to high, as an attacker may be able to distribute targeted malware or access confidential data.

All technical details and backgrounds about this issue and its analysis can be found in our security advisory http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt.

Credits:

  • David Gullasch
  • Max Moser
  • Martin Schobert

References:

  • [1] http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt
  • [2] http://www.blackberry.com
  • [3] http://docs.blackberry.com/en/smartphone_users/deliverables/47561/als1334683894417.jsp
  • [4] http://helpblog.blackberry.com/2013/03/copy-z10-files-wifi/
  • [5] http://modzero.ch/advisories/media/mz-13-04-poc.mp4
  • [6] http://www.samba.org/

Posted by modzero | Permanent link | File under: blackberry, mobile, security, advisory