James Middleton

August 7, 2006

Hacker squeezes BlackBerry security

A security consultant has warned that the popular push-email device beloved of corporate suits everywhere may turn out to be a serious security threat to private networks. Speaking at the DefCon hacker convention in Las Vegas this week, Jesse D’Aguanno, of risk management firm Praetorian Global, revealed a new exploit that allows the BlackBerry to be turned into a Trojan horse.

BlackBerrys typically use an encrypted VPN tunnel, using IPSec or similar, to reach the enterprise mail server and other shared resources. This effectively prevents third parties intercepting the communications or spoofing either the handheld terminal or the server. Alternatively, a connection is established over the open internet using SSL/TLS encryption to reach a gateway server, which essentially achieves the same aim. Some other implementations connect to a hosted BlackBerry server within the mobile operator’s private network.

But D’Aguanno’s argument is that the problem with devices accessing the corporate network via a VPN tunnel is that they are within the enterprise’s security perimeter but outside its physical control. Firewalls and intrusion detection systems will not be aware of security breaches originating on the device. Unlike PCs and servers on the local network, mobile devices are harder to manage and are not protected by physical security measures. What is more, the device has internet access that does not pass through the enterprise’s network.

Some of the devices also have WLAN functionality, which opens up the possibility of access to the internet without the network operator’s involvement.

D’Aguanno’s exploit consists of an application, BBTrojan, which must be installed on the device, either by someone with physical access to it or from a malicious email attachment or Bluetooth file transfer. The Trojan then opens a data connection via the cellular network to the attacker’s remote host and then awaits instructions from the attacker.

As the attack could allow further attack code to be executed on the device, the attacker now has full access to the corporate network, potentially including the external interface of the email system, the enterprise LAN itself, or even perhaps a mobile operator’s core network.

In anticipation of D’Aguanno’s revelations, RIM recently put up a Knowledge Centre article on protecting the device from malware in the enterprise space.

James Middleton is managing editor of telecoms.com