That is probably one of the weirdest titles I’ll ever see on this site. I’d like to point you to an article found on Security Watch. I’d like to think we’re all at least semi-aware of the security issues that come along with being a BlackBerry user, especially those in “cushy” government jobs. Well, turns out our security costs a mere $100 to be thrown out the window.
“According to a white paper by John O’Connor, a researcher on Symantec’s security response team, hackers can pay $100 for an API developer key that can open doors to the theft of data from Research in Motion’s BlackBerry devices.”
Apparently the “researcher” (aka hacker) posted a blog entry regarding this and how to, you know, cause some havoc, but it was pulled promptly from the site. Here’s a few more highlights of O’Connors findings. Read up on the rest here.
- The BlackBerry’s “modest” security framework it is still susceptible to multiple attacks, including being used as a backdoor, allowing confidential data to be exported.
- The BlackBerry can be used as a proxy for attackers. Some of these attacks require applications to be digitally signed, while others can be conducted without such a signature.
- While code-signing provides a potential hurdle for malicious code writers, signatures can still be obtained with relative ease and anonymity. Code-signing keys can be bought for $100 — completely anonymously via the use of prepaid credit-cards. This completely undermines the ability to determine the creators of a signed application, and perhaps track them down in the case of malicious code being signed.