The vulnerability surfaced during the fifth annual Pwn2Own contest at the 2011 CanSecWest security conference held in Vancouver, British Columbia, Canada. Security researchers Willem Pinckaers and Vincenzo Iozzo demonstrated they could download photos, the contact list, and the BlackBerry Messenger data stored in the file system.
From The Register:
The researchers compared their task of finding and exploiting a BlackBerry flaw to finding their way through a labyrinth in the pitch dark because there is virtually no material documenting the internal workings of the Research In Motion handset.
BlackBerrys lack some common security measures found in other smartphones. For example, Apple’s iPhone and Microsoft’s Windows 7 Mobile include address space layout randomization (ASLR) and data execution prevention. Additionally, the BlackBerry’s application sandbox has been faulted as “rudimentary” by security experts.
From a RIM advisory:
Successful exploitation of the vulnerability requires the user to browse to a website that the attacker has maliciously designed. The attacker would then be able to read or write to the built-in media storage section of a BlackBerry smartphone or to the media card, but not to access user data that the email, calendar and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone.