Would you believe something so innocently addictive as a BlackBerry could cause -- in addition to antisocial tendencies,
BlackBerry thumb, cranial trauma (
over and
over), and
government panic -- your poor employer to get hacked? Well believe it. At this year's DEFCON Jesse D'Aguanno of Praetorian Global demonstrated a program called BBProxy that can cause your RIM handheld to give malicious intruders access to your remote network by tunneling through your device's link to the mail server mothership. And, as anyone who's ever done any computer security stuff knows, rarely are companies' soft, warm intranet-underbellies well guarded against skilled internal attacks. What's worse, BBProxy can easily be delivered to your vulnerable virus-scanner free handheld via email. Or maybe it's not as bad as it all seems (well, we hope so anyway), but damned if we'd be opening any attachments on our BlackBerrys any time in the near future.
Reader Comments (Page 1 of 1)
Intrepid @ Aug 7th 2006 9:30AM
Hahaha. Stupid Blackberrys... I wonder if Windows CE 5 (or the upcoming 6) are that easy to hack?
badonkadonk @ Aug 7th 2006 9:44AM
Umm, if you read the article, it pointed out that you have to install the (presumably J2ME) application on your handheld first - this can be disabled via service books from the BES, and RIM posted two new KB articles on the subject once they were made aware of it. The BB kernel and JVM are secured in such a way that you can limit installation to "signed" or cryptographically authorized applications, again, if your company has instituted this via pushed service books.
Johnr @ Aug 7th 2006 9:51AM
WM5 Freezes so much that it's hard to do anything at all.
Jeff @ Aug 7th 2006 10:45AM
YES! I've been waiting for someone to write a virus which infects Blackberrys (or anything similar), if only so that I can use -this- line.
"Oh no, sir. The virus has gone airborne."
Woo-hoo! =)
ben @ Aug 7th 2006 11:27AM
People who get sore thumbs should get a blackberrey helmet http://www.cbc.ca/mercerreport/mediazone.html this canandian comidian has many good spoofs on his site.
Jamie @ Aug 7th 2006 12:24PM
These Blackberry gags are giving me the pip.
Todd Laff @ Aug 7th 2006 5:40PM
Blackberry, welcome to the club. Windows mobile, Symbian, etc can all pass on viruses into the enterprise network. Mobility is a great expansion for all of us to work free (or at least away from our desks). This is where products like Intellisync helps secure, manage, sync and secure all this info we have coming in and out through our mobile devices, right into our network.
Been through it and just wonder how much it will get worse. So stay free, just look at the info and control it from the network side.
helpdesk @ Aug 7th 2006 9:38PM
I work for an international company. Recently we implemented a password scheme on our blackberry units that automatically locks the handheld after a certain time of inactivity. Annoying to our users, especially if they enter the wrong password too many times and it wipes all their data. Same scenario, we needed to bump up the security on the things since users manage to not keep up with their things like they should.
BB User @ Jun 25th 2007 6:11AM
You will have to forgive my naivity here but what could you do even if you could hack all the way back to the mailserver. The BESadmin service account is not an administrator its in the domain users account.
You could send email wow!. I think instead of trying to hack the BlackBerry when all you can do is intercept some email big deal! it would be easier to attack the system after the mail has been decrypted (i.e. the Microsoft Exchange Server)
Just my 2 cents though