ZDNet – ‘BlackBerry Slow To Respond To FREAK Flaw, Says It Has No Fix’


Oh dear.

Here at UTB we’re very used to seeing iGnorant journalists make utter fools of themselves with regard to BlackBerry. But Zack Whittaker, of ZDNet, managed to surpass that yesterday with probably the sweetest timing of all.

The title you see above was the ORIGINAL title of an article written yesterday by Zack Whittaker. Zack (also of CNET and CBS News – dear Lord) had taken it upon himself to address the whole issue of the FREAK vulnerability by taking a swipe at BlackBerry.

Why? Well, it would seem that Zack, along with many other journalists (mainly US ones, it has to be said), ‘gets’ the fact that BlackBerry are way out in front on security, so they will take any chance they get to try and pin the company and finally, in their eyes, finish them off once and for all.

So, Zack wrote a piece, an eye-catching little ditty, about how useless BlackBerry were at handling the FREAK vulnerability, how ALL their devices were impacted, how BES was affected, how BBM was affected and how even the President of the US had ‘held on to his BlackBerry despite warnings from the Secret Service to use a hardened, custom device.’

He already has one, you nerk.


The problem for Zack was that as he hit publish the fix was already rolling out to Z30 users. Which meant that people were actually laughing at him in the comments to his blog.

Essentially, he got slaughtered.

And now it’s hit Z10 and Q10 users too. Which means that although he has changed the title and a few words of his article, it is again WOEFULLY out of date. See if you can spot the change of words…

Tip – I’ve highlighted them in BOLD!

BlackBerry begins slow rollout for FREAK security flaw, most devices still at risk

Summary: The company, slated as having the world’s most secure messaging devices, warns that devices will be vulnerable to a serious security flaw until a patch is released.

BlackBerry has issued a warning to users that most of its devices and encrypted messaging services are vulnerable to a serious security vulnerability.

The Ontario, Canada-based phone maker said in an advisory, almost two weeks after the flaw was first discovered, that it does not have a fix in place for most of its impacted devices.

A spokesperson for the company confirmed that it issued a patch for Z30 devices running the latest 10.3.1 update.

“We will continue the patches for other products impacted,” the spokesperson said.

The FREAK flaw is a weakness in modern Web cryptography, which allows an attacker to potentially intercept encrypted traffic between a vulnerable client and server and force them into using weaker encryption that can be easily cracked. But despite knowing about the problem since the beginning of the month, the company said there are no current workarounds to prevent device data from being intercepted.

All versions of newer BlackBerry 10 devices, older BlackBerry 7.1 devices, and BlackBerry Enterprise Service 12 and earlier are affected by the flaw — essentially almost every product the company currently has on the market.

BlackBerry Messenger on Android, iPhones and iPads, and Windows Phone are also affected by the vulnerability.

“Further investigation into affected products is ongoing, and BlackBerry is working to determine the full impact of the issue and confirm the best approach for protecting customers,” the advisory warns.

“As fixes become available, this notice will be updated,” it read.

Every version of Windows is affected. Apple devices, including Macs, iPhones, and iPads (which are now patchable) are also hit by the bug, along with Google’s Android operating system. Dozens of other device makers, including Cisco, are introducing patches and fixes for the bug.

BlackBerry devices have long been seen as the industry standard for encrypted messaging. US President Barack Obama has during his two terms held onto his trusty phone, despite warnings from the Secret Service to use a hardened, custom device.

The saving grace is that the back-end system, run by BlackBerry Enterprise Service, would require an attacker to compromise the user’s intranet. It also said that devices encrypting content before being sent over SSL, such as PGP or S/MIME, will “still be protected.”

Yeah! You go Zack!

Here’s a better idea. You obviously don’t own a BlackBerry or take a proper interest so how about shutting up?

Or, here’s a better idea, how about now writing an article about how BlackBerry devices (not all of them at time of writing but I’ll give you until Monday!) are the ONLY ones on the market patched and protected?

I sometimes wonder whether whenever these articles are written the authors send Tim Cook an iMessage to tell him so he knows that they are pandering properly.

Don’t worry.

He doesn’t reply because he’s busy

It’s an iMessage. He never receives it.


Bigglybobblyboo is a legend almost nowhere at all. He is a founder member of UTB and spends his spare time taking out his anger at the world with a fishfork and a spatula. He is also a Cribbage Master, having won 1 fight online as the other guy refused to turn up out of fear for his life.