BlackBerry Gets Its First Trojan
By:
Shayne Rana
| Mar 15,2008
Varun Srivastava, the Business Development Head at APPIN Security Group, a player in ethical hacking and information security, has recently come out with a Whitepaper on what causes hacking of BlackBerry phones, whether it is secure/ lawfully interceptible, and how can it be avoided. Needless to say, BlackBerry users are probably fretting right about now, as most offices these days issue some of their executives, especially the ones that are constantly travelling, with Blackberry handsets.
What the guys at APPIN have stated is simply, as soon as a Trojan for the BlackBerry is out and making its rounds, Blackberry users are going to have a problem with keeping their data secure. A hacking code called the BB Hacking toolkit, which comes with the Blackberry Trojan called BBProxy is what can be deployed into a BlackBerry server and it’s ‘Troy’ all over again. What this deceitful Trojan does is open up a back-door to the company’s BlackBerry Enterprise Server (BES) and the information stored is then up for grabs. In technical terms it will bypass all the company’s security systems that protect data stored on the servers. Not only can the hacker simply remove information undetected they could also infect the system itself.
Since the communications channel between the BlackBerry server and handheld device is encrypted and cannot be properly inspected by typical security products, a tunnel is usually opened by the administrator to allow the encrypted communications channel to the BlackBerry server inside the organization's network. When launched, BBProxy opens up its own hidden tunnel between the BlackBerry and the user's corporate network, as the hack runs in the background.
Thanks to the R&D conducted by APPIN, they also enclosed a few countermeasures in their Whitepaper release –
To counteract this potential threat Secure Computing recommends isolating servers that face the public internet, including a BlackBerry server and the mail server working with it, in their own Demilitarized Zone (DMZ), which would reduce the risk of a compromised server providing access to other critical servers.
The BlackBerry server and mail server should also not be permitted to open arbitrary connections to the internal network or Internet, and internal users should not be permitted to open arbitrary connections to either the BlackBerry server or mail server. There is something like 250 plus commands that allow the administrator to have full control over how the BlackBerry as a platform is used by the users within the BlackBerry Enterprise Server community.
This gives administrators full control over what third party applications can be installed on employee handheld for example. Setting one policy can disable unwanted software altogether. So you never have to worry about malware or anything else that's not authorised.
What the guys at APPIN have stated is simply, as soon as a Trojan for the BlackBerry is out and making its rounds, Blackberry users are going to have a problem with keeping their data secure. A hacking code called the BB Hacking toolkit, which comes with the Blackberry Trojan called BBProxy is what can be deployed into a BlackBerry server and it’s ‘Troy’ all over again. What this deceitful Trojan does is open up a back-door to the company’s BlackBerry Enterprise Server (BES) and the information stored is then up for grabs. In technical terms it will bypass all the company’s security systems that protect data stored on the servers. Not only can the hacker simply remove information undetected they could also infect the system itself.
Since the communications channel between the BlackBerry server and handheld device is encrypted and cannot be properly inspected by typical security products, a tunnel is usually opened by the administrator to allow the encrypted communications channel to the BlackBerry server inside the organization's network. When launched, BBProxy opens up its own hidden tunnel between the BlackBerry and the user's corporate network, as the hack runs in the background.
Thanks to the R&D conducted by APPIN, they also enclosed a few countermeasures in their Whitepaper release –
To counteract this potential threat Secure Computing recommends isolating servers that face the public internet, including a BlackBerry server and the mail server working with it, in their own Demilitarized Zone (DMZ), which would reduce the risk of a compromised server providing access to other critical servers.
The BlackBerry server and mail server should also not be permitted to open arbitrary connections to the internal network or Internet, and internal users should not be permitted to open arbitrary connections to either the BlackBerry server or mail server. There is something like 250 plus commands that allow the administrator to have full control over how the BlackBerry as a platform is used by the users within the BlackBerry Enterprise Server community.
This gives administrators full control over what third party applications can be installed on employee handheld for example. Setting one policy can disable unwanted software altogether. So you never have to worry about malware or anything else that's not authorised.
| Ads by Google | ||
Post a Comment on “BlackBerry Gets Its First Trojan”
There are no comments on this article yet. Why don't you post one?
LATEST NEWS
- "Evolution Of A Good Business Model Will Drive e-Payment System"
- Corporate Virtual World Projects Should Focus On Users
- The Bombay Store Chain To Become Wi-Fi Enabled
- First E-Passports In India To Be Issued Soon
- LIC, Corporation Bank Enter Into Alliance With PayMate
- Cable&Wireless Signs Expansive Contract With Aviva Till 2014
- Kotak Mahindra Bank Selects FLEXCUBE Private Banking
- NetApp Powers Future Business Growth At HT Media
- 'Country of origin' Will Not Matter For ICT Sourcing
- Airtel Partners With Cisco To Launch Managed MPLS Services
| Ads by Google | ||
RELATED
| Ads by Google | ||
Hot Searches & Keywords :
AMD
APAC
Acquisition
Asia Pacific
Asian Paints
BFSI
BI
BSNL
Bharti Airtel
Blackberry
Broadband
Business
Business Objects
Business intelligence
CA
CIO
CIOs
CRM
Cisco
Cisco Systems
Compliance
Data
Data Centre
Datacentre
Dell
EMC
ERP
Frost & Sullivan
Gartner
Google
Growth
HP
IBM
IDC
IT
India
Infrastructure
Intel
Internet
Linux
Manish Choksi
McAfee
Microsoft
Mobile
Mobile Banking
Nasscom
NetApp
Network
Networking
Novell
Open Source
Oracle
PLM
Red Hat
Retail
SAP
SMB
SMBs
SME
SMEs
SOA
SaaS
Satyam
Security
Software
Storage
Sun Microsystems
Symantec
TCS
Teradata
VMware
Virtualisation
VoIP
Web
Web 2.0
Websense
WiMax
Wipro
e-governance
healthcare
investment
outsourcing
partnership
telecom
|
|
||
| Ads by Google |
Sections
Applications |
Audits&surveys |
Bfsi |
Bookreviews |
Businessintelligence |
Businessprocesses |
Ciscosmenews |
Ciscowhitepapers |
Computing |
Contactcenters |
Contributedvideos |
Crm |
Ctoprofiles |
Datasecurity |
Databases |
Datacenters |
Education |
Energy |
Erp |
Focusspecials |
Government |
Guruspeak |
Hardwaresecurity |
Indialogue |
Innovation&leadership |
Innovators |
Intrusiondetection |
Intrusionprevention |
Ites |
Knowledgeprocess |
Lenovo |
Linux |
Managedservices |
Manufacturing |
Media |
Mobile |
Mobility |
Movement |
Networking |
Oncuewithitleaders |
Peoplemanagement |
Pharma |
Platforms |
Policies&compliance |
Recruitment |
Retail |
Saas |
Scm |
Securitymanagement |
Servers |
Services |
Softwaresecurity |
Softwareservices |
Specialreports |
Storage |
Storagesolution(apps) |
Techaction |
Telecom |
Telecommunications |
Theinsider |
Trendwatch |
Web |
Webisodescisco |
Weeklywrapup |
About Us | Copyright © 2006, Biztech2.com India - A Network18 Venture