Security firm publishes whitepaper on BlackBerry Trojan

A real trojan horseThe folks at Tech2 posted about a white paper published on BlackBerry security, namely what is lawfully interceptible, and how to avoid hacking. Part of the paper is based on a prototype trojan that could be delivered to a BlackBerry on BES and leave the company’s server unguarded. It was developed by an information security company, who released the information to RIM before taking it public. The trojan, called BBProxy, works by allowing a hacker to essentially piggyback on any connections made to BES. Once installed on a BlackBerry, the hacker can connect to it via computer and have complete access to everything the BlackBerry connects to. The article does include some simple steps administrators can take to prevent it from working, but fair warning: it is heavy on IT-speak. Earlier security reports acknowledged the threat of Trojans on BlackBerry, but we’ve yet to see an instance in the wild…

4 Responses to “Security firm publishes whitepaper on BlackBerry Trojan”


  1. 1 Ummm...

    This isn’t really news… this was first reported Aug 2006. Here’s another article with the same “hack” described:
    http://www.pdastreet.com/articles/2006/8/2006-8-9-BBProxy-Hack-Exposes.html

    RIM shot this “hack” down years ago so I would hardly call it news.

    The article you linked to actually plagiarized the site I linked above word for word.

    Check “The BlackBerry server and mail server should also not be permitted to open arbitrary connections to the internal network or Internet, and internal users should not be permitted to open arbitrary connections to either the BlackBerry server or mail server. ”

    and check “There is something like 250 plus commands that allow the administrator to have full control over how the BlackBerry as a platform is used by the users within the BlackBerry Enterprise Server community. ” versus “”There is something like 250 plus commands that allow the administrator to have full control over how the BlackBerry as a platform is used by the users with in the BlackBerry Enterprise Server community,” Totzke said .”

    I’d say pull the article before you embarrass yourself. Why did my first comment including this data get pulled? There were about 5 responses to this that disappeared.

  2. 2 BlackBerry Cool Simon

    Your original co