LAS VEGAS, NV – During Saturday’s session of the Defcon convention, IT security researcher Jesse D’Aguanno announced that he has developed a program called “BBProxy” that, when executed on a Blackberry device, could give an attacker access to the victim’s network. D’Aguanno also said he plans to release the exploit code at some point within the next several days.D’Aguanno said BBProxy can be installed on a BlackBerry directly or sent as an email attachment to unsuspecting BlackBerry users. The exploit works by opening a “back channel” between the handheld device and the BlackBerry servers to which the mobile devices are connect.
The Security Computing Corp. (SCC) issued a warning Tuesday stating that once the BBProxy code has been released, “organizations that have installed their BlackBerry server behind their gateway security devices could be subject to a hacking attack.”
“Since the communications channel between the BlackBerry server and handheld device is encrypted and cannot be properly inspected by typical security products, a tunnel is most often opened by the administrator to allow the encrypted communications channel to the BlackBerry server inside the organization’s network,” the SCC stated in Tuesday’s warning. “A malicious person could potentially use this back channel to move around inside of an organization unabated and remove confidential information undetected or use the back channel to install malware on the network.”
In his presentation, D’Aguanno called BBProxy “the first and only BlackBerry Trojan that I know of.” Officials from BlackBerry manufacturer Research in Motion (RIM), however, downplayed the actual threat posed by BBProxy.
“There are a number of hoops that you have to go through to make this thing possible,” said Scott Totzke, director of the global security group for RIM told CNet News, adding that it is impossible to email an application to the devices and that users would have to download the actual application.
“I don’t see releasing code as much of a threat,” Totzke said of D’Aguanno’s plan to release BBProxy in the weeks ahead. “It is an example of an application running on a BlackBerry that is designed to connect to network resources.”
Paul Henry, vice president of Strategic Accounts for SCC, warned that BlackBerry users shouldn’t be complacent, despite the assurances from RIM.
While Henry agreed that the hole was not due to a bug in the BlackBerry device itself, he told TechNewsWorld that the code is “designed to provide this client-server model across an encrypted tunnel” and that an attacker could potentially “use that capability to possibly gain entry into a corporate network and bring malware in, or remove confidential information from, the network.”
To defend against potential attacks and limit the risk of exposure to BBProxy-related exploits, Henry offered a list of “common sense network architecture and policy suggestions” in the SCC warning Tuesday.
Henry’s suggestions, and the full text of the SCC warning, are available here: http://www.securecomputing.com/press_releases.cfm?p=irol-newsArticle&ID=893256
