Empowering Customers to Make Informed Decisions about Their Security and Privacy

Safeguarding our customers’ security and privacy will always be a top priority for BlackBerry. With the capabilities of attackers and mobile threats continuously evolving and increasing, BlackBerry has a 24/7 response team dedicated to identifying and addressing security and privacy issues. As one of the only companies in the mobile industry to have a dedicated incident response team, BlackBerry is able to better protect customers from emerging mobile threats.

In addition to monitoring the threat landscape 24/7, the BlackBerry Security Incident Response Team (BBSIRT) issues security, privacy, and malware notices, as well as security advisories to communicate important updates to customers and the industry. The notifications and advisories are further examples of the steps BlackBerry takes to ensure customers are both informed and protected.

Security Advisory

BlackBerry issues security advisories to inform customers about the availability of a software update to address a confirmed vulnerability. Unlike a security notice (described below), which aims to inform customers of a vulnerability, a security advisory includes information on the security issue as well as the software update that addresses the vulnerability.

Customers can expect the advisory to include technical details regarding the vulnerability, mitigations, workarounds and authoritative guidance to reduce their risk. BBSIRT regularly releases security advisories on the second Tuesday of each month; however, if there is imminent risk to customers, we will release a security advisory sooner to help ensure customers are protected.

Security Notice

BlackBerry issues security notices to inform customers about identified software vulnerabilities that we are either working to address, or that we do not believe warrant a specific software update, given the low risk and severity.

Customers can expect security notices to provide mitigations, workarounds, and authoritative guidance to reduce any potential risk. We do not follow a set schedule for issuing security notices, but rather release these notifications as needed to provide customers with information on how to best secure their device.

Privacy Notice

BlackBerry issues privacy notices to inform customers about third-party applications that do not clearly or adequately inform customers of how the app is accessing and possibly using their data. While such apps do not typically appear to have malicious objectives or aim to mislead customers, we want to provide customers with information regarding an app’s behavior in order for them to make an informed decision about whether to continue using the app.

Customers can expect privacy notices to include information about the application’s behavior, and how to remove it, if the customer determines that is the best course of action. We release privacy notices every third Tuesday of the month in order to provide customers with a regular schedule for receiving information.

Malware Notice

BlackBerry issues malware notices to inform customers about third-party applications that contain code developed with malicious intent.

Customers can expect malware notices to provide them with details about the malware’s behavior, potential mitigations and guidance on how to remove it from their device. Similar to security notices, malware notices are released as needed to inform and protect customers, and there is no set schedule.

Customers can find these updates on the BBSIRT website at www.blackberry.com/bbsirt. BBSIRT also provides updates on Twitter at @BBSIRT. Customers may also sign up to receive RSS feeds for the notices and advisories referenced in this blog by visiting the BBSIRT website.

BlackBerry remains committed to providing customers a unique level of protection, especially as mobile devices are playing a greater role in their busy lives. By publicly releasing notices and security updates, we are providing customers with the tools and information that they need to help safeguard their BlackBerry products. Additionally, through this type of public disclosure we are continuing to foster industry collaboration as we work to improve security for the mobile landscape overall.

About Adrian S.

Adrian Stone is the Director of the Security Response and Security Automated Analysis teams at BlackBerry, where he leads a global team comprised of developers, security research and reverse engineers, malware analysts, and operational security incident managers. The Automated Analysis Team creates and implements internal tools for identifying security defects for remediation prior to product release and for the automated identification of new threats to in-market products, including malicious app detection. The BlackBerry Security Incident Response Team drives engineering and communication response efforts for a broad range of issues including reports of product vulnerabilities, malware, spam, and privacy breach concerns in RIM’s products or services that have reached commercialization. Prior to joining RIM, Adrian was a senior manager in the Microsoft Security Response Center, where he was involved in several strategic business initiatives including defining Microsoft’s security response strategy for Cloud technologies, contributing as an author to the Security Intelligence Report, representing Microsoft in ICASI’s Common Vulnerability Reporting Framework efforts, and managing the Microsoft Vulnerability Research (MSVR) program. His previous roles include securing nuclear and non-nuclear critical infrastructure technology assets including SCADA and DCS systems, and security analyst, security engineering, development and incident response roles at a number of global ISPs and dot-coms.
