Holey Blackberry!

4:45 PM -- If there's anything that strikes fear into corporate communications managers more than losing Blackberry service for their mobile employees, it's a security flaw that would let the company's mobile messaging service be invaded and taken over. (See Users in Blackberry Jam.)

Early this week it sounded like that's exactly what had happened: A German hacker/security expert, of the shadowy security group known as Phenoelit, reported at the 22nd Chaos Communications Congress in Berlin that he'd discovered a vulnerability in the Blackberry attachment service that allows an attacker armed with a customized TIFF file to shut down the service.

This sounded like big news, but a little digging into the subject reveals that it's both smaller and bigger than it initially sounds.

First, the user under attack must open the corrupted TIFF file, which of course violates Network Security Rule No. 1: Never open attachments from unknown sources.

But even if the attack is successful, it will only shut down the attachment service, not the entire Blackberry service, meaning that the unwary user could still send and receive messages, make phone calls, browse the Internet, and access the corporate network. The temporary precaution released by Blackberry maker BlackBerry, in fact, was essentially to shut down the attachment service -- exactly what the malicious code was attempting to do (a classic case of "the terrorists winning" through fear of attack, not the attack itself).

On his security blog on The Washington Post site, Brian Krebs reports that he contacted FX, a.k.a. Felix Lindner (does this guy look like a hacker or what?), and that Lindner has actually identified a more dangerous underlying flaw: "a vulnerability in the way Blackberry servers handle portal network graphics (PNG) images." Lindner's comment to Krebs should be read by every corporate IT security manager:

"We started looking at all of the privileges this server needs while sitting right in the middle of the network and realized we didn't know anything about it," Lindner says, adding that the Blackberry server that manages the encryption keys used to unscramble email traffic on all the Blackberry devices registered on the network stores them on a Microsoft SQL database server in plain, unencrypted text.

— Richard Martin, Senior Editor, Unstrung
