Critical BlackBerry exploit to be released Aug 14

Summary:If you're BlackBerry Enterprise Server isn't in "positioned" in a network DMZ, perhaps now is a good time to move it.  According to a report by eWeek's Matt Hines, on Aug 14, security researchers will be releasing the code to an exploit that leverages a BlackBerry's capability to securely connect or "tunnel into" a corporate network.

If you're BlackBerry Enterprise Server isn't in "positioned" in a network DMZ, perhaps now is a good time to move it.  According to a report by eWeek's Matt Hines, on Aug 14, security researchers will be releasing the code to an exploit that leverages a BlackBerry's capability to securely connect or "tunnel into" a corporate network.  The hack essentially turns BlackBerry into end-run devices that circumvent the security that would normally stop illicit connections.  Reports Hines:

According to a warning released by network security applications and device provider Secure Computing, organizations with their BlackBerry servers installed behind their gateway intrusion detection boxes could be compromised when researcher Jesse D'Aguanno, a consultant with risk management experts Praetorian Global, of Placerville, Calif., releases his code the week of Aug. 14....In his presentation at Defcon, D'Aguanno highlighted the ability of a hacking program dubbed BBProxy to be installed on a BlackBerry device or sent as an e-mail attachment to an unsuspecting user. Once installed, the attack opens a covert communications channel with the RIM servers by bypassing gateway security controls...Because the communications between the devices are encrypted, network defenses will not find or shut down the tunnel....

Apparently, BlackBerry manufacturer Research in Motion has some suggested fixes but security researchers warning that RIM's suggestions may not go far enough.

Topics: BlackBerry

About

David Berlind was fomerly the executive editor of ZDNet. David holds a BBA in Computer Information Systems. Prior to becoming a tech journalist in 1991, David was an IT manager.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.