BlackBerry Forums Support Community               

Closed Thread
 
Old 08-08-2006, 02:38 PM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Mar 2006
Model: 8830
Carrier: Verizon
Posts: 24
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Hackers targeting Blackberry


Are BlackBerrys the Next Hacker Target? : Christopher Null : Yahoo! Tech

Offline  
Old 08-08-2006, 02:40 PM   #2 (permalink)
CrackBerry Addict
 
Join Date: Jul 2006
Location: Pembroke Pines, FL
Model: 9700
PIN: 21BFC0A1
Carrier: T-Mobile
Posts: 953
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Wirelessly posted (Cingular 7130c: BlackBerry7130/4.1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102)

They're one of the most secure devices on the market, of course people will want to take them down.
Offline  
Old 08-08-2006, 02:43 PM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Mar 2006
Model: 8830
Carrier: Verizon
Posts: 24
Post Thanks: 0
Thanked 0 Times in 0 Posts
Angry

I know that.... but some mastermind has nothing better to do but release a program to hack into the BlackBerry and cause problems for people ...
Offline  
Old 08-08-2006, 02:46 PM   #4 (permalink)
CrackBerry Addict
 
Join Date: Jul 2006
Location: Pembroke Pines, FL
Model: 9700
PIN: 21BFC0A1
Carrier: T-Mobile
Posts: 953
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Wirelessly posted (Cingular 7130c: BlackBerry7130/4.1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102)

That's what hackers do.
Offline  
Old 08-08-2006, 03:56 PM   #5 (permalink)
BlackBerry Extraordinaire
 
Soapm's Avatar
 
Join Date: Apr 2005
Location: The Mile Hi City
Model: 9780
OS: 6.0
Carrier: TMO
Posts: 2,790
Post Thanks: 3
Thanked 4 Times in 4 Posts
Default

It would have to be some kind of trojan or worm that would send the contents of your device to others...
Offline  
Old 08-08-2006, 04:58 PM   #6 (permalink)
CrackBerry Addict
 
Join Date: Jul 2006
Location: Pembroke Pines, FL
Model: 9700
PIN: 21BFC0A1
Carrier: T-Mobile
Posts: 953
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Whatever it is, I'm sure the exploit has already been fixed. RIM are security experts. They won't let this become a big deal.
Offline  
Old 08-08-2006, 06:29 PM   #7 (permalink)
BBF Veteran
 
coreyg510's Avatar
 
Join Date: Apr 2005
Location: Lost in Translation
Model: 8700c
Carrier: Cingular
Posts: 3,190
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

You have to consider a few things.

1. There are always going to be people who feel like exercising their skills and brain power to find ways that will crash, wreck, and invade other people's computer systems.

2. Security experts are constantly anticipating these issues and devising ways to remedy the situation and threats.

3. Hackers are anticipating these remedies and are always updating and changing these hacks and viruses, worms, and such to avoid the detection and neutralization of these things.

If you repeat steps 2 and 3 you will just keep going around the circle. At some point, RIM will miss one of these issues or will not be able to devise a resolution quick enough to stop the breach. Microsoft, Norton, and other virus security teams have these issues as well.

Don't believe me?? Remember when the FBI computer system was hacked?
__________________
He's Back....and better than ever!
Offline  
Old 08-08-2006, 07:44 PM   #8 (permalink)
CrackBerry Addict
 
adamlau's Avatar
 
Join Date: Jun 2006
Model: 9930
Carrier: Sprint
Posts: 850
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

All the more reason to keep your firewall enabled and to be wary of outbound connection attempts. See the following post and vote on where you stand on the following issue:

Are Persistent Connection Attempts By Third-Party Apps Acceptable To You?

Last edited by adamlau : 08-09-2006 at 05:07 PM.
Offline  
Old 08-09-2006, 12:04 AM   #9 (permalink)
Talking BlackBerry Encyclopedia
 
BES admin's Avatar
 
Join Date: Dec 2005
Location: NY
Model: Droid
Carrier: Android -> AT&T
Posts: 491
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

At this point, RIM doesn't have a fix for the BBProxy software which allows hackers to get behind your corporate firewall if they can get this software installed on a Blackberry device which is connected to your BES.

For those of you who read this thread, and who are not responsible for BES System administration, PLEASE tell your BES Admins about this exploit. They may not know about it.

Frankly, RIM's solution is nothing more than to lock the devices in your corporation down. Not a bad practice, but there are legit applications which will be affected by an IT policy which prevents software like BBProxy from being installed and run.

Your BES admins need to be aware of this situation and they need to take action. I am currently modifying my IT Policies so that most of my general users are protected against such malware and another for users who are more conscious of the threats against the corp. if they open unexpected attachments.
__________________
You had me at EHLO!
Offline  
Old 08-09-2006, 12:46 AM   #10 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Jun 2006
Model: 8700c
Carrier: cingular
Posts: 204
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I wouldn't be too worried. The Wired article is wrong: this trojan horse cannot be transmitted via email, and the end user has to actually download this application onto the handheld and then run this application for this to possibly get access to the internal network.

And I don't see the point in hacking into your own company's network.
Offline  
Old 08-09-2006, 01:43 PM   #11 (permalink)
New Member
 
Join Date: Jun 2006
Model: 9000
Carrier: Vodafone
Posts: 2
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi, can you advise exactly which IT policies to set on the BES to 'lock down' the devices? I am a new BES admin and have only just started getting to grips with IT policies.
Offline  
Old 08-09-2006, 01:59 PM   #12 (permalink)
Thumbs Must Hurt
 
Join Date: Aug 2005
Location: Charlottetown, PEI, Canada
Model: 7250
Carrier: Bell
Posts: 95
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Any policy applied to users should include 'Disallow Third Party Application Download' = true if you want to prevent users from downloading/installing applications not provided by RIM. This is under the Security Policy Group section of IT Policies. 'Allow Split-Pipe Connections' in the same Group should be set to False. The rest, it depends on what impact you want/are allowed to inflict on your users ;)
Offline  
Old 08-09-2006, 04:13 PM   #13 (permalink)
Talking BlackBerry Encyclopedia
 
BES admin's Avatar
 
Join Date: Dec 2005
Location: NY
Model: Droid
Carrier: Android -> AT&T
Posts: 491
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by alitaff
Hi, can you advise exactly which IT policies to set on the BES to 'lock down' the devices? I am a new BES admin and have only just started getting to grips with IT policies.
This is what I have set, but currently we DO let users download software. In addition to the settings below, you would want to set:

Disallow Third Party Application Downloads = True

This is my IT Policy, but it may not work for you. I recommend using the Admin Guide to determine what settings are best for your environment.

HANDHELD POLICY SETTINGS:
IT Policy Name = "<companyname> Policy"
Password Required = TRUE
Minimum Password Length = 4
User Can Disable Password = FALSE
User Can Change Timeout = TRUE
Enable Long-Term Timeout = TRUE
Home Page Address = "http://<mybesserver>"
Enable WAP Config = FALSE
Password Policy Group:
Forbidden Passwords = ""1234", "2345", "3456", "password", "Password" "
Periodic Challenge Time = 60
Duress Notification Address = "<myemailaddress>"
Set Maximum Password Attempts = 8
Set Password Timeout = 60
Security Policy Group:
Disable Unverified Certificate Use = TRUE
Desktop Backup = 1
Allow Outgoing Call When Locked = FALSE
Disable Forwarding Between Services = TRUE
Disable Radio When Cradled = 1
Disable Weak Certificate Use = TRUE
Disable Invalid Certificate Use = TRUE
Allow Split-Pipe Connections = FALSE
Allow External Connections = FALSE
Allow Third Party Apps to Use Persistent Store = FALSE
Allow Third Party Apps to Use Serial Port = FALSE
Key Store Password Maximum Timeout = 60
Disable Key Store Low Security = TRUE
Disable Revoked Certificate Use = TRUE
Disable Untrusted Certificate Use = TRUE
Memory Cleaner Policy Group:
Force Memory Clean When Idle = TRUE
Memory Cleaner Maximum Idle Time = 60
Browser Policy Group:
Allow IBS Browser = FALSE
MDS Browser Title = "<companyname> Web Browser"
Bluetooth Policy Group:
Require Password for Discoverable Mode = TRUE
Require Password for enabling Bluetooth Support = TRUE
Disable Wireless Bypass = TRUE
Allow Outgoing Calls = 1
Disable Discoverable Mode = TRUE
BlackBerry Messenger Policy Group:
Messenger Audit Max Report Interval = 1
Messenger Audit Email Address = "<myemailaddress>"

DESKTOP POLICY SETTINGS:
Show Application Loader = FALSE
Force Load Count = 0
Auto Backup Enabled = TRUE
Auto Backup Frequency = 1
Auto Backup Include All = TRUE
Do Not Save Sent Messages = FALSE

Good Luck.
__________________
You had me at EHLO!
Offline  
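Added example, not part of the original thread or any poster's code: a small audit of a policy listing written in the "Rule = Value" layout of post #13, checked against the lock-down rules named in posts #12 and #13. The layout is the forum post's, not an official BES export format, and the baseline selection and the sample text are assumptions constructed for illustration.

```python
import re

# Rules and values named in posts #12 and #13 (selection is an assumption).
BASELINE = {
    "Disallow Third Party Application Downloads": "TRUE",
    "Allow Split-Pipe Connections": "FALSE",
    "Allow External Connections": "FALSE",
}

def norm(name):
    # Posts #12 and #13 spell one rule "Download" and "Downloads"; fold both.
    n = re.sub(r"\s+", " ", name).strip().lower()
    return n[:-1] if n.endswith("downloads") else n

def parse_policy(text):
    """Return {normalised rule name: (group, value)} from 'Name = Value' lines."""
    rules, group = {}, "(top level)"
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and "=" not in line:
            group = line[:-1]          # e.g. "Security Policy Group"
            continue
        name, sep, value = line.partition("=")
        if sep:                        # skip blank or free-text lines
            rules[norm(name)] = (group, value.strip().strip('"'))
    return rules

def audit(text):
    """List (rule, found, wanted) for every baseline rule that is absent or differs."""
    rules = parse_policy(text)
    findings = []
    for name, want in BASELINE.items():
        got = rules.get(norm(name))
        if got is None:
            findings.append((name, "MISSING", want))
        elif got[1].upper() != want:   # values appear as TRUE/True/true in the thread
            findings.append((name, got[1], want))
    return findings

# Constructed sample: no third-party download rule, one value deliberately weakened.
SAMPLE = """\
HANDHELD POLICY SETTINGS:
Password Required = TRUE
Security Policy Group:
Allow Split-Pipe Connections = FALSE
Allow External Connections = true
Allow Third Party Apps to Use Serial Port = FALSE
"""

if __name__ == "__main__":
    for rule, found, wanted in audit(SAMPLE):
        print(f"{rule}: found {found}, baseline {wanted}")
```
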
Old 08-09-2006, 04:57 PM   #14 (permalink)
CrackBerry Addict
 
justin.culp's Avatar
 
Join Date: Apr 2005
Model: SOLD
Carrier: at&t
Posts: 760
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

You are all forgetting one thing:

Hackers are good guys...usually work for security companies and actually enhance security.

Crackers are the bad guys.

The media just calls them all hackers, which in fact is not true.


Just thought I'd point that out; you know, inject some geekisms.
__________________
8800 att/cingular For Sale w/2G MicroSD
http://www.blackberryforums.com/buy-...-cingular.html

Offline  
Old 08-09-2006, 05:05 PM   #15 (permalink)
BBF Veteran
 
coreyg510's Avatar
 
Join Date: Apr 2005
Location: Lost in Translation
Model: 8700c
Carrier: Cingular
Posts: 3,190
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Ahhhh clarification. I was waiting for something like that to roll in.
__________________
He's Back....and better than ever!
Offline  
Old 08-09-2006, 08:59 PM   #16 (permalink)
Talking BlackBerry Encyclopedia
 
BES admin's Avatar
 
Join Date: Dec 2005
Location: NY
Model: Droid
Carrier: Android -> AT&T
Posts: 491
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by justin.culp
You are all forgetting one thing:

Hackers are good guys...usually work for security companies and actually enhance security.

Crackers are the bad guys.

The media just calls them all hackers, which in fact is not true.


Just thought I'd point that out; you know, inject some geekisms.
Originally, a hacker was a term of respect, used among computer programmers, designers, and engineers. The hacker was one who created original and ingenious programs. Unfortunately, the current popular meaning of the term is used to describe those who break into systems, destroy data, steal copyrighted software, and perform other destructive or illegal acts with computers and networks.

Moreover, the point here is not whether a 'hacker', a 'cracker' or a 'ritz' developed this software, it's that there is a loophole of sorts, it has been exploited, and we should be letting the less experienced know of the potential for a problem. RIM is well respected and known for their secure applications and hardware, most people assume it will remain this way forever, not necessarily.

Yes, their stuff is more secure than most, but don't close the door on the possibility that there may be further exploits. As a system admin, I am just passing on the knowledge. Use it how you may, gentlemen.
__________________
You had me at EHLO!

Last edited by BES admin : 08-09-2006 at 09:06 PM.
Offline  
Old 08-18-2006, 08:38 AM   #17 (permalink)
BlackBerry Extraordinaire
 
BBAdmin's Avatar
 
Join Date: Feb 2005
Location: Port 3101.org
Model: .
Carrier: .
Posts: 2,491
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I brought this up at a RIM event the other week. Check the following:

First is a whitepaper entitled "Placing the BlackBerry Enterprise Solution in a Segmented Network" and that's available from here:

Livelink - Redirection

Also check out this security whitepaper page:

BlackBerry
__________________

Offline  
Old 08-18-2006, 10:00 AM   #18 (permalink)
Knows Where the Search Button Is
 
Join Date: Jul 2006
Location: Dubai, UAE
Model: 8100
Carrier: du
Posts: 16
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Gentlemen

Issue with this handheld policy is that it will disallow all 3rd party apps regardless. What about the scenario where you have pushed a 3rd party in-house app to the handheld?

Solution according to RIM is an Application Control Policy which disallows unauthorised third party apps excluding authorised apps. This is straightforward enough to implement, but what I have noticed is, when I have implemented an application control policy with disposition "disallowed" for all apps and "optional" for an in-house app, this has the desired effect of removing third party software other than the exception in-house app.

The issue is that any apps from Plazmic.com are not removed from the handheld and seem not to be viewed as 3rd party by BES. Is this by design? We want to remove all 3rd party apps regardless, other than the one approved by us and allowed by policy.

I did notice that plazmic were bought by RIM a couple of years ago
Offline  
Old 08-29-2006, 12:47 PM   #19 (permalink)
New Member
 
jguel's Avatar
 
Join Date: Aug 2005
Model: many
Carrier: tmobile/nextel/cingular
Posts: 13
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by BES admin
Originally, a hacker was a term of respect, used among computer programmers, designers, and engineers.

Actually the term 'hacker' goes back to the very early days of computing and actually was first used by students at MIT who were 'hacking' the new phone switching system in 1961. The term, however, was also used to refer to someone who pulled an ingenious or clever stunt not necessarily related to computers or phones.
Offline  
Old 08-29-2006, 03:26 PM   #20 (permalink)
No longer Registered.
 
greggebhardt's Avatar
 
Join Date: Jan 2005
Location: Jacksonville, FLorida
Model: 9000!
PIN: NOT!
Carrier: AT&T
Posts: 3,762
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by katin2
Are BlackBerrys the Next Hacker Target? : Christopher Null : Yahoo! Tech

Until it is done, do not worry. When it happens, you can read about it here AND the evening news.

The encryption used by BB is pretty secure, our government depends on it!
Offline  

Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.