Critical BlackBerry exploit to be released Aug 14

If you're BlackBerry Enterprise Server isn't in "positioned" in a network DMZ, perhaps now is a good time to move it.  According to a report by eWeek's Matt Hines, on Aug 14, security researchers will be releasing the code to an exploit that leverages a BlackBerry's capability to securely connect or "tunnel into" a corporate network.  The hack essentially turns BlackBerry into end-run devices that circumvent the security that would normally stop illicit connections.  Reports Hines:

According to a warning released by network security applications and device provider Secure Computing, organizations with their BlackBerry servers installed behind their gateway intrusion detection boxes could be compromised when researcher Jesse D'Aguanno, a consultant with risk management experts Praetorian Global, of Placerville, Calif., releases his code the week of Aug. 14....In his presentation at Defcon, D'Aguanno highlighted the ability of a hacking program dubbed BBProxy to be installed on a BlackBerry device or sent as an e-mail attachment to an unsuspecting user. Once installed, the attack opens a covert communications channel with the RIM servers by bypassing gateway security controls...Because the communications between the devices are encrypted, network defenses will not find or shut down the tunnel....

Apparently, BlackBerry manufacturer Research in Motion has some suggested fixes but security researchers warning that RIM's suggestions may not go far enough.