[ news_security_news ]
BlackBerry Hack Attack Scheduled For Next Week
SecurityProNews
Staff Writer
2006-08-11
 Insider Reports RSS Feed
Secure Computing Corporation issued a warning that organizations that have installed their BlackBerry server behind their gateway security devices could be subject to a hacking attack when security researcher Jesse D'Aguanno is scheduled to release the code for his BlackBerry hack next week.
As first published by Wired News, D'Aguanno, a consultant with Praetorian Global, developed a hacking program intended to prove the vulnerability.
The soon to be released program, called BBProxy, can be installed on a BlackBerry or sent as an e-mail attachment to an unsuspecting user. Once installed, BBProxy opens a back channel bypassing the organization's gateway security mechanisms between the hacker and the inside of the victims' network.
Secure says that since the communications channel between the BlackBerry server and handheld device is encrypted and cannot be properly inspected by typical security products, a tunnel is most often opened by the administrator to allow the encrypted communications channel to the BlackBerry server inside the organization's network.
Hackers could potentially use this back channel to move around inside of an organization unabated and remove confidential information undetected or use the back channel to install malware on the network, the company said.
Paul Henry, vice president of Strategic Accounts for Secure Computing, provided a checklist to help prevent such an attack:
* Servers connecting to the public Internet have an inherent risk. Isolating these Internet facing servers reduces the risk of a compromised server providing access to other critical servers. Hence due diligence would require that any Internet facing server like a BlackBerry server should be isolated on its own DMZ segment.
* Only those connections necessary to facilitate the operation of the BlackBerry server should be permitted. The BlackBerry server should not be permitted to open arbitrary connections to the internal network or Internet.
* The mail server that is working with the BlackBerry server is also an Internet facing server and should also be isolated on its own separate DMZ.
* Only those connections necessary to facilitate the normal operation of the mail server should be permitted. The mail server should not be permitted to open arbitrary connections to the internal network or Internet.
* Internal users should not be permitted to open arbitrary connections to either the BlackBerry server or mail server.
Get all the updates in RSS: 
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
