Code May Sour BlackBerry Users
Jesse D'Aguanno, director of professional services and research for Praetorian Global, says his project doesn't actually target the BlackBerry Enterprise Server itself. "It's not an exploit in the traditional sense where it's a software bug that needs a patch," D'Aguanno says. "It's really more of an architectural issue, exploiting the trust between a BlackBerry and BES and the components that allow network access."
It's a back-channel that subverts perimeter security, he says, and the BES then becomes a stepping-stone to any other machines on the internal network. Once in through the BlackBerry, an attacker could hit any vulnerable machines on the network. "The attacker wouldn't have to use BlackBerry as a conduit anymore, and would have a more viable attack vector" inside, he says.
Get the rest of the story at Dark Reading.
— Kelly Jackson Higgins, Senior Editor, Dark Reading