Companies with BlackBerry communications servers installed behind their gateway security devices could be compromised when a security researcher releases new hack code for the wireless devices.
Businesses that use gateway security appliances to protect Research In Motion’s BlackBerry communications servers could be subject to attacks based on the planned release of exploit code by a high-profile malware researcher.
According to a warning released by network security applications and device provider Secure Computing, organizations with their BlackBerry servers installed behind their gateway intrusion detection boxes could be compromised when researcher Jesse D’Aguanno, a consultant with risk management experts Praetorian Global, of Placerville, Calif., releases his code the week of Aug. 14. D’Aguanno first revealed his vulnerability exploit on Aug. 5 at the Defcon hacker convention in Las Vegas. ….
Read the whole article over on : eWeek.com
@ Gregg,
You’re right that typically exploits only work in certain circumstances. Having that said, how many companies would actually know if they have a BlackBerry security breach ??
While on the surface this does look bad, if you have a Policy to not allow 3rd party apps to be loaded on your corporate BlackBerry devices, this ‘hole’ will be fixed. And while we are on the subject of Blackberry, do you have as much trouble as I do finding anything on their site? This document on malware, which I expected to be highlighted or something, was tough to find. I ended up doing a search of their site.
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/7979/1181821/828044/1181292/Protecting_the_BlackBerry_device_platform_against_malware.pdf?nodeid=1266119&vernum=0
Would “zero” be the right answer? I don’t want to appear too cynical, but that’s what I would guess. I think that you have touched on an important topic – how many Infrastructure people look at the BlackBerry as a possible threat? But, and I hate to beat a dead horse, a properly used BlackBerry IT Policy *should* fix this.