LAS VEGAS -- A computer security researcher says he's found an unexpected new path into company networks: the Blackberry.
Jesse D'Aguanno, a consultant with Praetorian Global, has developed a hacking program that exploits the trust relationship between a Blackberry and a company’s internal server to hijack a connection to the network. Because the data tunnel between the Blackberry and the server is encrypted, intrusion detection systems at the perimeter of the network won't detect the attack.
The technique is successful, D'Aguanno says, because most companies aren't equipped to detect someone trying to deliver an exploit from inside the network. It also works because few companies view the Blackberry as a plausible attack vector.
"Because it's a handheld device, most people don't think it's something that can actually harm the rest of your internal network," D'Aguanno said. "But a Blackberry is not your average handheld. It's not just a PDA that's connected (to your network) only when you're in the office. It's a code-running machine that's always on and always connected to your internal network and has direct access to whatever you give it access to. And most company architectures allow it unfettered access to everything on the internal network."
The program, called BBProxy, has to be placed on a Blackberry either physically or as a Trojan horse delivered by e-mail. Once installed, it causes the Blackberry to call back to the attacker's system in the background, opening a communications channel between the attacker and the company's internal network.
From there, safely behind the organization firewall, the intruder can scan for hosts with security vulnerabilities.
D'Aguanno said he'll release BBProxy for download in a week or so.
Given how ubiquitous the Blackberry is, it's an obvious target for attack, but few researchers have examined it for vulnerabilities. D'Aguanno says the attack could be prevented if companies built more secure architectures on the back end and tightened user policies so not just any user can install third-party code.
"Securely deploying it shouldn't be that hard but there hasn't been a whole lot of documentation provided by (Blackberry maker) Research in Motion in the past on securely deploying the Blackberries."
D'Aguanno, who has met with Research in Motion about the issue, said the company posted two new documents on its website this week in anticipation of his presentation at the DefCon hacker convention here. The documents include instructions to customers for configuring a more secure architecture for Blackberry service.
Ironically, D'Aguanno's own Blackberry was stolen during a recent business trip in Paris.
Has anyone actually found the documents on RIM's website for this?? If there's one thing RIM are dreadful at doing, it's designing a decent website! I can't find these docs anywhere!!!!
I may be wrong but I think these are the documents mentioned. They don't address this issue specifically but address how to securely deploy BES to be more protected.
Placing the BlackBerry Enterprise Solution in a segmented network (ie. Firewalling the different BlackBerry components) Livelink - Redirection
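An added example, not part of the thread or of RIM's documents: once the BES host sits in its own firewalled segment, flow logs from that segment can be checked for the internal reach and host scanning the article describes, which the perimeter IDS never sees. The addresses, allowlist, threshold and log format below are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed values, constructed for this example (not from the article).
BES_HOST = "10.20.0.5"                         # hypothetical BES server address
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # hypothetical internal range
# Internal (ip, tcp port) pairs the BES segment is permitted to reach,
# e.g. a mail server and a configuration database (hypothetical).
ALLOWED = {("10.10.0.25", 135), ("10.10.0.25", 1433)}
SCAN_THRESHOLD = 3  # distinct non-allowlisted internal hosts before alerting

# Constructed flow records, one per line: "src dst dport"
SAMPLE_FLOWS = """\
10.20.0.5 10.10.0.25 1433
10.20.0.5 203.0.113.9 443
10.20.0.5 10.10.4.17 445
10.20.0.5 10.10.4.18 445
10.20.0.5 10.10.4.19 445
10.30.1.7 10.10.4.17 445
this line is malformed
"""

def parse_flows(text):
    """Yield (src, dst, dport) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2])

def audit(text, bes_host=BES_HOST):
    """Flag flows from the BES host to internal targets outside the allowlist."""
    violations = []
    for src, dst, dport in parse_flows(text):
        if src != bes_host:
            continue  # only traffic originating from the BES host matters here
        try:
            internal = ipaddress.ip_address(dst) in INTERNAL
        except ValueError:
            continue  # destination is not a valid IP address
        if internal and (dst, dport) not in ALLOWED:
            violations.append((dst, dport))
    fan_out = len({dst for dst, _ in violations})
    return {"violations": violations, "fan_out": fan_out,
            "possible_scan": fan_out >= SCAN_THRESHOLD}

if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

A non-empty `violations` list means the firewall rules around the BES segment are looser than the allowlist; `possible_scan` marks the fan-out to many internal hosts that a proxied intruder would produce.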
I just received (yet another) email about this from someone at our company - this time the Helpdesk manager. He actually forwarded a message to me from someone at Software Spectrum, and they claim they have software that can stop this type of virus attack. Anyone ever heard of SMobile VirusGuard? Here is a section of the email that was sent to me that references it:
Do third-party solutions exist that can protect against the vulnerability?
To our knowledge, the SMobile VirusGuard for BlackBerry from SMobile Systems is the only commercially available solution that offers immediate protection against the vulnerabilities. The SMobile VirusGuard stops malware and other threats at the handset, and allows users to continue to access the full functionality of their BlackBerry devices.
How much does the SMobile VirusGuard for BlackBerry cost?
SMobile VirusGuard for BlackBerry retails for $29.99 for a one-year subscription.
Curious to hear what others think about this......
__________________ No longer a BES Admin, but it was fun while it lasted!
My company has blocked all software downloads to our Blackberries until they can find some sort of specific solution to the hacking issues. I'm glad they are being proactive, but I miss being able to add a new theme or game when the mood strikes me.
__________________ 1st Step in Troubleshooting: Do you have a BlackBerry Data Plan? 2nd Step in Troubleshooting: Pull the Battery.
I read about danglo's article. The technique is called "blackjacking". You can get BBProxy and see the slides. On his group's website, google up "the tecklow group". It only affects you if you use BES. He also recommends you keep the BES server isolated on the network.
Just keep the necessary ports open and possibly keep away from a direct connection to the web. You could run it through a router or have the web server and the main network isolated from each other. One of the common mistakes is some people run BES on the main server with everything else.
BBSpell for you!
__________________ Build Your Business Even If You Are On A Budget. Magnetic Sponsoring