Researchers Warn of Serious BlackBerry VulnerabilityBy Matt Hines | Posted 08-08-2006
Businesses that use gateway security appliances to protect Research In Motion's BlackBerry communications servers could be subject to attacks based on the planned release of exploit code by a high-profile malware researcher.
According to a warning released by network security applications and device provider Secure Computing, organizations with their BlackBerry servers installed behind their gateway intrusion detection boxes could be compromised when researcher Jesse D'Aguanno, a consultant with risk management experts Praetorian Global, of Placerville, Calif., releases his code the week of Aug. 14. D'Aguanno first revealed his vulnerability exploit on Aug. 5 at the Defcon hacker convention in Las Vegas.
For its part, RIM maintains that the so-called vulnerability illustrated at Defcon merely proves that third-party applications can run on its devices, not that the handhelds or their back-end systems are necessarily open to attack. By administering the various security tools available in its systems, IT administrators can greatly reduce the potential for any attack by banning or limiting the privileges of various types of applications, company officials said.
"I wouldn't characterize this as a flaw, but the ability to run a program on the network," said Scott Totzke, director of RIM's Global Security Group, in Waterloo, Ontario. "We have tools [that can be used] to manage and control third-party applications, and administrators can close the door to third-party applications completely, or use a whitelist approach that can allow them to be very granular in what they might allow."
The company also maintains that the attack described by D'Aguanno, which requires that a user consciously download malware to the device, could be used to access systems on almost any mobile device, including smart phones, PDAs and laptops.
In addition to utilizing the security features in its software, the company said customers can take the additional step of installing BlackBerry servers in segmented networks to protect themselves.
Totzke pointed out that RIM has not experienced any major malware attacks thus far, and that it has reported only a handful of potential vulnerabilities.
"There have been some things brought to [our] attention over time that were fixed, but not a lot," he said. "We encourage researchers to work with us to find potential issues and resolve them; we're big fans of responsible disclosure and working with researchers to help build the best products."
The company has posted a pair of documents highlighting BlackBerry security features on its Web site in response to the vulnerability report.
In his presentation at Defcon, D'Aguanno highlighted the ability of a hacking program dubbed BBProxy to be installed on a BlackBerry device or sent as an e-mail attachment to an unsuspecting user. Once installed, the attack opens a covert communications channel with the RIM servers by bypassing gateway security controls installed between the hacker and the inside of the victims' network.
Read the full story on eWEEK.com: Researchers Warn of Serious BlackBerry Vulnerability