All the latest UK technology news, reviews and analysis
|
|
|
09 Aug 2006
Many enterprises that have issued staff with BlackBerry mobile email devices will be vulnerable to a serious hack attack when security researchers release exploit code, security experts warned today.
According to Secure Computing Corporation, any firm that has deployed a BlackBerry server behind its gateway could fall foul to the hacking code that is due to be published by IT security specialist Jesse D'Aguanno next week.
The soon-to-be-released hacking program, called BBProxy, can be installed on a BlackBerry or sent as an email attachment to an unsuspecting user. Once installed, BBProxy opens a back channel bypassing the organisation's gateway security mechanisms between the hacker and the inside of the victim's network, Secure Computing stated.
Since the communications channel between the BlackBerry server and handheld device is encrypted and cannot be properly inspected by typical security products, a tunnel is most often opened by the administrator to allow the encrypted communications channel to the BlackBerry server inside the organisation's network. A malicious person could potentially use this back channel to move around inside an organisation unabated and remove confidential information undetected or use the back channel to install malware on the network.
Paul Henry, vice president of Strategic Accounts for Secure Computing, warned that servers connecting to the public internet have an inherent risk: " Isolating these internet-facing servers reduces the risk of a compromised server providing access to other critical servers. Hence due diligence would require that any internet-facing server like a BlackBerry server should be isolated on its own demilitarised zone segment," said Henry.
He also advised enterprises to ensure that their mail servers working with the BlackBerry server are also an internet-facing server and should also be isolated on their own separate DMZ.
Additional protection can be achieved by preventing internal users from opening arbitrary connections to either the BlackBerry server or mail server.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Java Developer - Belfast - Banking Skills: Core Java...
I am recruiting for a Shared Accounting Service Manager...
QA Tester/Automation Tester - C# .NET Agile, Epsom, Surrey...
3RD LINE EXCHANGE 2010 / 2003, QUEST, LONDON, GLOBAL...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
WHat is the lastest on this?
This article was posted 9th August 2006, almost a year ago. what is the current status on the identified vulberabilities?
Posted by: Edith 03 Aug 2007