Critical BlackBerry exploit to be released Aug 14

Critical BlackBerry exploit to be released Aug 14

Summary: If you're BlackBerry Enterprise Server isn't in "positioned" in a network DMZ, perhaps now is a good time to move it.  According to a report by eWeek's Matt Hines, on Aug 14, security researchers will be releasing the code to an exploit that leverages a BlackBerry's capability to securely connect or "tunnel into" a corporate network.

SHARE:
TOPICS: BlackBerry
1

If you're BlackBerry Enterprise Server isn't in "positioned" in a network DMZ, perhaps now is a good time to move it.  According to a report by eWeek's Matt Hines, on Aug 14, security researchers will be releasing the code to an exploit that leverages a BlackBerry's capability to securely connect or "tunnel into" a corporate network.  The hack essentially turns BlackBerry into end-run devices that circumvent the security that would normally stop illicit connections.  Reports Hines:

According to a warning released by network security applications and device provider Secure Computing, organizations with their BlackBerry servers installed behind their gateway intrusion detection boxes could be compromised when researcher Jesse D'Aguanno, a consultant with risk management experts Praetorian Global, of Placerville, Calif., releases his code the week of Aug. 14....In his presentation at Defcon, D'Aguanno highlighted the ability of a hacking program dubbed BBProxy to be installed on a BlackBerry device or sent as an e-mail attachment to an unsuspecting user. Once installed, the attack opens a covert communications channel with the RIM servers by bypassing gateway security controls...Because the communications between the devices are encrypted, network defenses will not find or shut down the tunnel....

Apparently, BlackBerry manufacturer Research in Motion has some suggested fixes but security researchers warning that RIM's suggestions may not go far enough.

Topic: BlackBerry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Is this just news for the sake of creating paranoia ?

    Has the author of this article ever tried to load an application on to a BlackBerry? It isnt very easy.

    This is not like spyware.

    Despite what your aticle states, an app cant be sent as a virus, there is no option to open a COD or JAD file via an email attachement

    There isnt a way to make this a phishing message because BlackBerry only allows text messages.

    Even an Over The Air link via a browser takes many steps.

    If someone is gullible enough to actually click on a URL and go through all of the steps to load an illicit program, how will they find BlackBerry users? How will it get through spam filters?

    Anyone can write a desktop application that exploits the same thing in a corporate network. How is BlackBerry more vulnerable?

    It seems like your article has bad facts to sensationalize the issue.
    vlw