One of the first examples of malicious software on BlackBerry devices has surfaced, but manufacturer Research In Motion does not see it as a serious threat.
At the Defcon hacker confab on Saturday, researcher Jesse D'Aguanno said he developed a program called BBProxy that, when running on a BlackBerry, gives an attacker entry to the network the wireless device connects to. The program exploits the link between the handheld and the e-mail server, and it could be used to place additional malicious code onto a network.
"A malicious person could potentially use this back channel to move around inside of an organization unabated and remove confidential information undetected, or use the back channel to install malware on the network," Secure Computing, a provider of security services, said in a media alert Tuesday.
The BlackBerry service allows companies to give their employees access to e-mail while they are on the road. A typical installation includes server software that is installed on a corporate network as well as the handhelds used to send and receive messages.
For an attack to be successful, a BlackBerry user has to be tricked into running the malicious application. At Defcon, D'Aguanno suggested that his program could be delivered to users wrapped in a game of "Tic Tac Toe." "First and only BlackBerry Trojan (horse) that I know of," D'Aguanno wrote in his presentation.
It could be the first malicious program aimed at the BlackBerry, Scott Totzke, director of the global security group at RIM, agreed in an interview Tuesday. However, the Waterloo, Ontario-based company doesn't see a major threat to its customers, he said.
"There are a number of hoops that you have to go through to make this thing possible," Totzke said. For one, it is impossible to e-mail an application to the device; people have to download it, he said.
"When you step back and look at it, BlackBerry is a computing platform and able to run applications similar to a laptop and a VPN connection," he said.
The BlackBerry can run applications, including malicious ones, Totzke noted. To avoid that, the device offers several settings that allow companies to protect their systems. These include blocking the ability to run programs. Also, RIM suggests that companies put their BlackBerry servers and e-mail servers in discrete sections of the network to limit the connection between the two.
In anticipation of D'Aguanno's presentation, RIM published two documents on its security Web site that provide instructions on secure installation of a BlackBerry system and on protection against malicious software.
D'Aguanno plans to publicly release BBProxy in the coming weeks. RIM isn't worried. "I don't see releasing code as much of a threat," Totzke said. "It is an example of an application running on a BlackBerry that is designed to connect to network resources."
These security researcher guys will blow anything out of proportion in a feeble attempt at trying to become famous (in their little world) or try to prove their worth or their company's worth. (And CNet too...)
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
When the sun goes down, that's when the iPad gets busy for folks with news readers. The iPhone? It's more of a daytime habit. If you're building an app for both devices, heed the lesson.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
