News

Blackberry exploit code poses threat to corporates

One of the first hacking programs to target the Blackberry mobile e-mail device has been publicised at the Defcon hacking convention in Las Vegas.

Internet security researcher Jesse D'Aguanno intends releasing the code for his BBProxy Blackberry hacking program, and companies are being warned to make sure their Blackberry e-mail servers are protected to cope with it.

The program can be sent as an e-mail attachment to unsuspecting users. Once installed, BBProxy opens a back channel between the hacker and the inside of the victim’s corporate network, bypassing gateway security mechanisms.

Internet security company Secure Computing Corporation has warned organisations that the encrypted back channel that the BBProxy opens cannot be blocked by common security gateways, and could be used to install malware on corporate systems.

Secure Computing has recommended that internet-facing servers like a Blackberry server should be isolated on their own portion of a network to stop any such malware being spread to other areas.

Only those connections necessary to run the Blackberry server should be permitted. The Blackberry server should not be allowed to open arbitrary connections to the internal network or internet, said Secure Computing.

The mail server that works with the Blackberry server is also an internet-facing server and should also be isolated on its own separate portion of the network, said Secure Computing.

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy