Blackberry exploit code poses threat to corporates

One of the first hacking programs to target the Blackberry mobile e-mail device has been publicised at the Defcon hacking convention in Las Vegas.

One of the first hacking programs to target the Blackberry mobile e-mail device has been publicised at the Defcon...

hacking convention in Las Vegas.

Internet security researcher Jesse D'Aguanno intends releasing the code for his BBProxy Blackberry hacking program, and companies are being warned to make sure their Blackberry e-mail servers are protected to cope with it.

The program can be sent as an e-mail attachment to unsuspecting users. Once installed, BBProxy opens a back channel between the hacker and the inside of the victim’s corporate network, bypassing gateway security mechanisms.

Internet security company Secure Computing Corporation has warned organisations that the encrypted back channel that the BBProxy opens cannot be blocked by common security gateways, and could be used to install malware on corporate systems.

Secure Computing has recommended that internet-facing servers like a Blackberry server should be isolated on their own portion of a network to stop any such malware being spread to other areas.

Only those connections necessary to run the Blackberry server should be permitted. The Blackberry server should not be allowed to open arbitrary connections to the internal network or internet, said Secure Computing.

The mail server that works with the Blackberry server is also an internet-facing server and should also be isolated on its own separate portion of the network, said Secure Computing.

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at:



Enjoy the benefits of CW+ membership, learn more and join.

Read more



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: