Blackberry Insecurities
I’ve heard a lot about hacking BlackBerry devices via Blackjacking. It was big news late last year, but was it really big news? I wanted to get down to the facts and the real risks involved.
If you don’t already know, BlackBerrys are awesome little "dinky" mobile computers that many companies connect to their offices via giant BlackBerry Enterprise Servers, usually placed within the internal network so that they have access to the Exchange (or Lotus) mail servers to get mail etc. I think you get the point.
It all started with Jesse D’Aguanno, who released a really funky tool called "bbproxy" (BlackBerry Proxy).
bbproxy is really just a trojan which performs port forwarding. Once it is installed, an attacker can perform attacks against internal systems via the BlackBerry. You cannot send the trojan via e-mail, because the BlackBerry Enterprise Server (BES) doesn’t allow software to be installed via e-mail attachments. This means the more likely route would be via a web server; the attacker would have to lure the user to a piece of software on a web server somewhere and get them to install it.
My first thoughts were, well, how different is this from sending a trojan to a normal PC? There are some subtle differences. Firstly, once BlackJacked (the user has installed bbproxy), intrusion detection systems will be unable to detect the attacks, as all traffic between the BlackBerry and the BES server is encrypted via symmetric encryption. Secondly, the BES server is often located within the corporate network rather than being separated in its own DMZ. This is because of all the required ports to the MS SQL server, mail servers and a fair bit more.
So is the risk any different from installing malware on a PC within the internal network via a website? It’s a debatable point in my mind.
From a security perspective, the BES server and every component should really be separated (security best practices). Also, you can define on the BES server what software can be installed on the BlackBerry - almost like MS Windows group policies.
As a side note, I have seen some guys reverse engineering parts of the BlackBerry proprietary protocols which allows some communication if you can get the BlackBerry key, as well as a number of Denial of Service issues via Bluetooth... so in the future we may have a little more to go on.
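The tunnel between the BlackBerry and the BES is encrypted, but connections the BES itself opens toward internal hosts are visible in flow logs and can be checked against an allowlist. The sketch below is an added example, not code from this post or from bbproxy; the log format, addresses, ports and function names are all constructed assumptions.

```python
import ipaddress

# Constructed assumptions: the BES address, the internal range, and the
# (destination, port) pairs the BES legitimately needs (mail and database).
BES_IP = "10.0.5.20"
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED = {
    ("10.0.1.10", 135),   # mail server (constructed)
    ("10.0.1.11", 1433),  # database server (constructed)
}

# Constructed flow records: "timestamp src dst dport proto"
SAMPLE_FLOWS = """\
2007-01-15T09:00:01 10.0.5.20 10.0.1.10 135 tcp
2007-01-15T09:00:02 10.0.5.20 10.0.1.11 1433 tcp
2007-01-15T09:03:11 10.0.5.20 10.0.7.44 445 tcp
2007-01-15T09:03:13 10.0.5.20 10.0.7.46 22 tcp
2007-01-15T09:04:00 10.0.9.9 10.0.7.44 445 tcp
2007-01-15T09:05:00 10.0.5.20 203.0.113.8 3101 tcp
malformed line
"""

def parse_flow(line):
    """Parse one record; return None for anything that is not well formed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, proto = parts
    try:
        return ts, src, ipaddress.ip_address(dst), int(dport), proto
    except ValueError:
        return None

def unexpected_bes_flows(log_text, bes_ip=BES_IP, allowed=ALLOWED):
    """Return flows the BES opened to internal hosts outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, dport, proto = flow
        if src != bes_ip or dst not in INTERNAL_NET:
            continue  # only BES-originated, internal-bound traffic matters here
        if (str(dst), dport) not in allowed:
            hits.append((ts, str(dst), dport))
    return hits

if __name__ == "__main__":
    for ts, dst, dport in unexpected_bes_flows(SAMPLE_FLOWS):
        print(f"{ts} BES -> {dst}:{dport} not in allowlist")
```

The tighter the allowlist, the more useful the alert, which is another argument for placing the BES in its own segment with only the required ports opened.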