Comments on: RIM talks about security threat of DDOS attacks on carriers

By: All the Phone Information » Blog Archive » Trusting 3rd Party BlackBerry Apps: What Can They Do?

Thu, 17 Dec 2009 02:44:17 +0000

[...] Cool has been asking me about what BlackBerry apps can do and recently the notion of malicious applications has come up. In this article, I address what third party apps can do, and how it relates to the safety of your [...]

By: Trusting 3rd Party BlackBerry Apps: What Can They Do? | BBERRYNEWS

Trusting 3rd Party BlackBerry Apps: What Can They Do? | BBERRYNEWS — Mon, 30 Nov 2009 00:29:22 +0000

By: Trusting 3rd Party BlackBerry Apps: What Can They Do? | Blackberry Software

Trusting 3rd Party BlackBerry Apps: What Can They Do? | Blackberry Software — Wed, 25 Nov 2009 07:38:53 +0000

By: Trusting 3rd Party BlackBerry Apps: What Can They Do? | BlackBerry Cool

Trusting 3rd Party BlackBerry Apps: What Can They Do? | BlackBerry Cool — Tue, 24 Nov 2009 14:16:13 +0000

By: Conversaciones con RIM sobre la amenaza de la seguridad de los ataques DDOS

Conversaciones con RIM sobre la amenaza de la seguridad de los ataques DDOS — Sat, 21 Nov 2009 22:32:25 +0000

[...] [Via: BBCool] [...]

By: Pierre-Alain R.

Pierre-Alain R. — Fri, 20 Nov 2009 07:12:34 +0000

Sorry for the digitally signed, I was sure that your private data could be accessed by digitally signed apps.

But for the money side, make no mistake. This can ce very lucrative. Imagine:
- take big red network down for 5 min
- contact them and say: 1M by 1 hour, or network down for a good while

This technique usually works fine. Imagine how much down time cost to a carrier. Loss in money (no call, no service, prejudice to clients), loss for the image of the company. At least, that’s one of the way banks get milked.

By: Pierre-Alain R.

Pierre-Alain R. — Fri, 20 Nov 2009 07:12:00 +0000

Sorry for the digitally signed, I was sure that your private data could be accessed by digitally signed apps.

But for the money side, make no mistake. This can ce very lucrative. Imagine:
- take big red network down for 5 min
- contact them and say: 1M by 1 hour, or network down for a good while

By: Pierre-Alain R.

Pierre-Alain R. — Fri, 20 Nov 2009 07:12:00 +0000

Sorry for the digitally signed, I was sure that your private data could be accessed by digitally signed apps.

But for the money side, make no mistake. This can ce very lucrative. Imagine:
- take big red network down for 5 min
- contact them and say: 1M by 1 hour, or network down for a good while

By: Kyle

Kyle — Fri, 20 Nov 2009 00:28:50 +0000

It’s true, even the most experienced BlackBerry users are giving applications “Trusted” status without thinking. I know I instinctively trust the apps I download and I probably shouldn’t be so open about it. It’s like EULA’s. Does anybody take the time to actually read those agreements? I just scan through the stuff thinking “yeah yeah yeah, just give me the app already!”

By: Kyle

Kyle — Fri, 20 Nov 2009 00:28:00 +0000

By: Ronen

Ronen — Thu, 19 Nov 2009 22:02:10 +0000

Pierre,
The app will just ask you after it installs if you want to grant it trusted application status. I have yet to run into anybody that does not click yes instinctively. Even RIM makes it the default option as yes. That gives them full access to your phone book, all your email, calendar, & more.

On the other hand you don’t make any money off of DDOS attacks since all they do is take a service out of commission. Essentially what the iPhone is doing to AT&T’s network every day all day… The only way you make money off DDOS attacks is if somebody pays you to attack one of the carriers like a competitor or terrorists… which would be pretty easy to spot.

By: Ronen

Ronen — Thu, 19 Nov 2009 22:02:00 +0000

By: Pierre-Alain R.

Pierre-Alain R. — Thu, 19 Nov 2009 21:53:45 +0000

So far I know, if an app what to access your personal data, it needs your aproval, but in addition it must be “signed” by RIM, otherwise the device refuses to grant access.

And DDOS on carriers (or threat to do so) could grant much more cash than the cellphone number of my grand mother.

By: Pierre-Alain R.

Pierre-Alain R. — Thu, 19 Nov 2009 21:53:00 +0000

So far I know, if an app what to access your personal data, it needs your aproval, but in addition it must be “signed” by RIM, otherwise the device refuses to grant access.

And DDOS on carriers (or threat to do so) could grant much more cash than the cellphone number of my grand mother.

By: Pierre-Alain R.

Pierre-Alain R. — Thu, 19 Nov 2009 21:53:00 +0000

So far I know, if an app what to access your personal data, it needs your aproval, but in addition it must be “signed” by RIM, otherwise the device refuses to grant access.

And DDOS on carriers (or threat to do so) could grant much more cash than the cellphone number of my grand mother.

By: Ronen

Ronen — Thu, 19 Nov 2009 21:42:42 +0000

I agree with you Kyle. It is crazy what an app can do to your private info once installed. You could come up with a fart app that stole all of the users confidential information. I wonder if any user has ever selected that they don’t want to give an application “Trusted” status…

By: Ronen

Ronen — Thu, 19 Nov 2009 21:42:00 +0000