Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Purported BlackBerry Hack Overstated, RIM Says

A security researcher next week plans to release code that could enable hackers to exploit the encrypted link between BlackBerry handhelds and servers to bypass gateway security and hit machines inside corporate networks.

BlackBerry maker Research In Motion (RIM) and its partners, however, say the risk is overstated.

At last week's Defcon security conference in Las Vegas, Jesse D'Aguanno, a consultant at Praetorian Global, a Placerville, Calif.-based risk management firm, showed how a hacking program he developed--called BBProxy--could allow an attacker to gain access to a company's internal network via the encrypted connection between a BlackBerry handheld and the Blackberry Enterprise Server (BES).

Security vendor Secure Computing on Tuesday warned companies that their BES deployments on internal networks could be vulnerable to a BBProxy attack. After manually installing BBProxy or getting a user to install it via an e-mail attachment, a hacker could piggyback the encrypted connection between the handheld and the BES and gain access to the internal network, according to San Jose, Calif.-based Secure.

However, the notion that BBproxy could be spread by e-mail without user interaction is misleading, said Scott Totzke, director of the global security group at RIM, Waterloo, Ontario. "Our attachment service doesn't work that way. You can send and view e-mail, but the BES system is designed to require users to manually download the application from a Web site," he said.

  • 1