Code May Sour BlackBerry Users

If your BlackBerry server sits behind a firewall or IDS, beware: A researcher will release proof-of-concept code this week that an attacker could use to get inside the corporate network.

Jesse D'Aguanno, director of professional services and research for Praetorian Global, says his project doesn't actually target the BlackBerry Enterprise Server itself. "It's not an exploit in the traditional sense where it's a software bug that needs a patch," D'Aguanno says. "It's really more of an architectural issue, exploiting the trust between a BlackBerry and BES and the components that allow network access."

It's a back-channel that subverts perimeter security, he says. The BES then becomes a stepping-stone to any other machines on the internal network: once in through the BlackBerry, an attacker could hit any vulnerable machines there. "The attacker wouldn't have to use BlackBerry as a conduit anymore, and would have a more viable attack vector" inside, he says.

Get the rest of the story at Dark Reading.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
