BlackBerrys threatened by $100 key

That is probably one of the weirdest titles I’ll ever see on this site. I’d like to point you to an article found on Security Watch. I’d like to think we’re all at least semi-aware of the security issues that come along with being a BlackBerry user, especially those in “cushy” government jobs. Well, turns out our security costs a mere $100 to be thrown out the window.

“According to a white paper by John O’Connor, a researcher on Symantec’s security response team, hackers can pay $100 for an API developer key that can open doors to the theft of data from Research in Motion’s BlackBerry devices.”

Apparently the “researcher” (aka hacker) posted a blog entry regarding this and how to, you know, cause some havoc, but it was pulled promptly from the site. Here are a few more highlights of O’Connor’s findings. Read up on the rest here.

- The BlackBerry’s “modest” security framework is still susceptible to multiple attacks, including being used as a backdoor, allowing confidential data to be exported.

- The BlackBerry can be used as a proxy for attackers. Some of these attacks require applications to be digitally signed, while others can be conducted without such a signature.

- While code-signing provides a potential hurdle for malicious code writers, signatures can still be obtained with relative ease and anonymity. Code-signing keys can be bought for $100 — completely anonymously via the use of prepaid credit-cards. This completely undermines the ability to determine the creators of a signed application, and perhaps track them down in the case of malicious code being signed.

  • Corey

    You can download the original PDF here, http://crepitus.com/blackberry.security.pdf

    It’s interesting, but not as shocking as the eweek article makes it seem.

  • C. Waters

    Can RIM do anything about this? It’s scary to think that our BlackBerrys and our information are susceptible to these kinds of attacks.

  • Alberto

    I still don’t see this as an incredible threat. If your company is seriously worried about blackberries being a vector for penetration into the enterprise, do the following:

    1) Segment your BES from the rest of the network
    2) Prevent users from running unapproved software on their blackberry via IT policy
