Are BlackBerrys Hackable?

Comments

One of the things that RIM prides itself on is the tight security offered by the BlackBerry and the BlackBerry Enterprise Server. However, Wired is reporting that maybe our beloved device isn’t as secure as we previously thought. Jesse D’Aguanno, a consultant with Praetorian Global, says he has developed a program called BBProxy which could give hackers direct entry to your company’s network through your BlackBerry.

BBProxy has to be placed on a BlackBerry either physically or as a Trojan horse delivered by e-mail. Once installed, it causes the BlackBerry to call back to the attacker’s system in the background, opening a communications channel between the attacker and the company’s internal network. From there, safely behind the organization’s firewall, the intruder can scan for hosts with security vulnerabilities.

D’Aguanno says the technique is successful because most companies aren’t equipped to detect someone trying to deliver an exploit from inside the network, and because few companies view the BlackBerry as a plausible attack vector.

“Because it’s a handheld device, most people don’t think it’s something that can actually harm the rest of your internal network,” D’Aguanno said. “But a Blackberry is not your average handheld. It’s not just a PDA that’s connected (to your network) only when you’re in the office. It’s a code-running machine that’s always on and always connected to your internal network and has direct access to whatever you give it access to. And most company architectures allow it unfettered access to everything on the internal network.”

D’Aguanno has been in contact about this with RIM, who’ve released two new security documents on their website this week.

  • moog

    “BBProxy has to be placed on a Blackberry either physically or as a Trojan horse delivered by e-mail.”

    LIES! It CANNOT be installed as a Trojan attachment. BB attachments are not downloaded to the device. This has to be *consciously* installed on the device.

    BB Security Response:
    http://www.blackberry.com/knowledgecenterpublic/livelink.exe/?func=doc.Fetch&nodeId=1266119

  • Craig Johnston

    It’s not really a big deal. Listen to the author, Jesse, talking about it on this podcast.
    http://mca.libsyn.com/

  • Beverly Smith

    Our school is recycling used cell phones, Pocket PCs, PDAs, and BlackBerry phones for a fundraiser to buy new technology equipment for each one of our classrooms.

    We would like to know if you have any used cell phones (BlackBerry) that you would like to donate to our school to help with our fundraiser.

    Please e-mail me at bds222000@yahoo.com.

    Thank you for your cooperation.

    Sincerely,

    Beverly Smith
    Webster Elementary School
    349 South Market Boulevard
    Webster, FL 33597

  • purifier

    Hey, I store most of my information data on my BlackBerrys, and hope it’s safe…
