Can you trust your BlackBerry?
So-called 'Blackjacking' exploits tunnel to the network
- By William Jackson
- Sep 14, 2006
For many executives and government officials the BlackBerry is a trusted extension of the office, a secure pipeline back to the home network.
And therein lies a problem.
At the recent DefCon hacker conference in Las Vegas, a security researcher demonstrated a technique called Blackjacking for exploiting that trust. It uses the BlackBerry as a proxy to establish a virtual connection from an attacker into an internal network.
'Sweet! So now we can directly communicate with any port on an internal host from an external host'right through our little BlackBerry handheld,' Jesse D'Aguanno said in his presentation.
The tool, BBProxy, uses Research in Motion Ltd.'s encrypted tunnel between the handheld and its enterprise server to deliver exploits and avoid detection by perimeter security devices.
D'Aguanno, director of professional services at the IT risk management company Praetorian Global LLC of Placerville, Calif., also demonstrated a Trojan horse to deliver BBProxy to the handheld.
Paul Henry, vice president of strategic accounts for Secure Computing Corp. of San Jose, Calif., said the threat of Blackjacking is real, but it highlights a broader problem. Encrypted remote connections, such as VPNs, are assumed to be secure because they are encrypted.
'No consideration was given to the security of the end point itself,' in this case the BlackBerry, he said.
RIM does a good job of securing data on the BlackBerry, but a hacker going through the BlackBerry can have almost unlimited access to the home network.
'I'm not trying to pick on BlackBerry,' Henry said. 'It's simply another encrypted tunnel to surf into the network.'
Most enterprises that use the BlackBerry Enterprise Solution, which includes a server inside the network, do not treat the BlackBerry like a full-fledged computer, D'Aguanno said. And that lack of respect creates a threat.
Despite their popularity, attacks against BlackBerrys have so far been rare. D'Aguanno said his Tic Tac Toe game download is the first BlackBerry Trojan he is aware of. The code must be signed with a private key from RIM to access proprietary APIs on the BlackBerry, but D'Aguanno was able to get a key for a $100 processing fee paid through an anonymous prepaid gift card.
So far, Blackjacking is limited to using TCP exploits, but D'Aguanno said it could easily be upgraded to include User Datagram Protocol.
The threat from Blackjacking and similar exploits can be mitigated with some common sense precautions, Henry said. First, take seriously the security of end points making remote connections. Pay attention to configurations and what is being loaded on them.
Second, treat all servers facing the Internet, including the BlackBerry Enterprise Server and mail servers, with caution. They should be isolated in their own DMZs and only those connections that are necessary for normal operation should be allowed. Arbitrary connections to or from BlackBerry and mail servers should be prohibited.
William Jackson is freelance writer and the author of the CyberEye blog.