RIM tells BlackBerry users to turn off JavaScript after Pwn2Own hack

RIM is urging its users to temporarily suspend the use of JavaScript on their BlackBerry handsets.

The advice comes after a security flaw was found last week at Pwn2Own. The vulnerability is in the WebKit browser rendering engine, which is found in Device Software version 6.0 and later, and RIM said hackers can use the flaw to penetrate the smartphone’s data.

RIM said in a security advisory that after a hacker has managed to worm into a handset, they direct a user to a website containing malware. From here the hacker can use the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the smartphone.

On the plus side, BlackBerry says attackers won’t be able to access the internal file system that stores application data and user data. This includes email, calendar and contact applications.

“Application storage is the only place on a device from which applications can be run. Sections of application storage can store files that a user downloads or saves to device memory. Exploitation of the vulnerability does not allow access to this part of BlackBerry smartphone memory,” it said in its notice.

The exploit first came to light last week at Pwn2Own 2011 and, as such, is publicly known.

RIM moved to cover its tracks, claiming that its Security Incident Response Team has not received any reports “that this vulnerability has been successfully exploited on a BlackBerry smartphone outside of a test environment or has resulted in any impact to BlackBerry customers.”