Security flaws in BlackBerry PlayBook, research reveals

As reported previously by Infosecurity, the PlayBook is a seven-inch tablet computer that relies on a user's BlackBerry smartphone for email and connectivity. NGS Secure's independent research, however, advises potential users to exercise caution when thinking of adopting the tablet computer.

The issues identified in the report include unintended access to the file system, security flaws in relation to a third party web server and also a flaw in the device's HDMI video interface. In addition, the report says, the biggest unknown is the fact that many key applications for the tablet have yet to be released.

Andy Davis, research director at NGS Secure, said that, in his opinion - and judging from the results of his team's research - there are a number of technologies that he is sure Research in Motion would have liked to include in this version of the PlayBook, but that were not ready in time for the release date of the tablet computer earlier this year.

"The decision to release the device with some of this functionality missing is likely to have been made due to the speed of its competitors in getting rival tablets to market, for example Apple had already released the iPad 2 before the PlayBook was finally made available", he said.

"This has meant however that, if businesses are to take IT security as seriously as they should be, it is difficult for them to decide whether this technology is mature enough yet to be adopted in the Enterprise. Our advice to any business looking at tablet technology, or indeed any new technologies, is not to rush into implementing them until all aspects have been proven", he added.

NCC Group's report concludes that Research in Motion has built a robust system on top of the existing QNX microkernel and has restricted file and user permissions at the operating system level, leaving a reduced attack surface.

“If past performance is any indication of future developments, some of the more user-friendly components included in the PlayBook such as the Flash and Air runtimes - or the WebKit browser - are most likely to be a source of security issues and system updates for PlayBook users”, the report notes.

“Organisations planning on introducing the PlayBook into their IT infrastructure should possibly consider waiting until further work has been published by the security community”, it adds.

The report rounds off by saying that many new technologies are being introduced to the device in the wake of its launch, such as payment services and hardware device drivers.

This means, says the analysis, that it may be worth waiting until the operating system and core technologies stabilise - and the risks they introduce are better understood - before embracing the tablet within the enterprise.
