AOH :: ISN-2826.HTM

BlackBerry a Juicy Hacker Target

BlackBerry a Juicy Hacker Target
BlackBerry a Juicy Hacker Target,71548-0.html 

By Kim Zetter
Aug, 05, 2006

LAS VEGAS -- A computer security researcher says he's found an unexpected 
new path into company networks: the BlackBerry.

Jesse D'Aguanno, a consultant with Praetorian Global, has developed a 
hacking program that exploits the trust relationship between a BlackBerry 
and a company.s internal server to hijack a connection to the network. 
Because the data tunnel between the BlackBerry and the server is 
encrypted, intrusion detection systems at the perimeter of the network 
won't detect the attack.

The technique is successful, D'Aguanno says, because most companies aren't 
equipped to detect someone trying to deliver an exploit from inside the 
network. It also works because few companies view the BlackBerry as a 
plausible attack vector.

"Because it's a handheld device, most people don't think it's something 
that can actually harm the rest of your internal network,"  D'Aguanno 
said. "But a BlackBerry is not your average handheld. It's not just a PDA 
that's connected (to your network) only when you're in the office. It's a 
code-running machine that's always on and always connected to your 
internal network and has direct access to whatever you give it access to. 
And most company architectures allow it unfettered access to everything on 
the internal network."

The program, called BBProxy, has to be placed on a BlackBerry either 
physically or as a Trojan horse delivered by e-mail. Once installed, it 
causes the BlackBerry to call back to the attacker's system in the 
background, opening a communications channel between the attacker and the 
company's internal network.

>From there, safely behind the organization firewall, the intruder can
scan for hosts with security vulnerabilities.

D'Aguanno said he'll release BBProxy for download in a week or so.

Given how ubiquitous the BlackBerry is, it's an obvious target for attack, 
but few researchers have examined it for vulnerabilities.  D'Aguanno says 
the attack could be prevented if companies built more secure architectures 
on the back end and tightened user policies so not just any user can 
install third-party code

"Securely deploying it shouldn't be that hard but there hasn't been a 
whole lot of documentation provided by (BlackBerry maker) Research in 
Motion in the past on securely deploying the BlackBerries."

D'Aguanno, who has met with Research in Motion about the issue, said the 
company posted two new documents on its website this week in anticipation 
of his presentation at the DefCon hacker convention here.  The documents 
include instructions to customers for configuring a more secure 
architecture for BlackBerry service.

Ironically, D'Aguanno's own BlackBerry was stolen during a recent business 
trip in Paris.

Visit the InfoSec News store! 

Site design & layout copyright © 1986-2015 CodeGods