wired.com — "Jesse D'Aguanno, a consultant with Praetorian Global, has developed a hacking program that exploits the trust relationship between a Blackberry and a company’s internal server to hijack a connection to the network." "D'Aguanno said he'll release BBProxy for download in a week or so."
Aug 6, 2006
metfoo Aug 7, 2006
I love how Wired mentions RIM knows of the exploits and posted docs on hardening the server, but they fail to link to them. A search for BBProxy also returns nothing...
mlw72z Aug 7, 2006
There are three ways to install an application on a BlackBerry device: via the application loader when the device is plugged in, OTA (over the air) push from the BlackBerry enterprise server, or via an explicit download URL that requires user input on the device to initiate the installation. Only digitally-signed applications can do anything useful (network communications, persistent storage, PIM functions, etc.) and therefore it's possible to trace any such application to the developer who had to pay a fee to get the application signed in the first place. Once the application is loaded on the device, the first time it attempts to do anything useful (like opening a network connection or accessing your email) the user will be once again prompted to determine if that operation should be allowed.
masterchi Aug 7, 2006
@I440 Not all hackers are "immoral" and are evil, there are some legit "hackers" that choose to find vulnerabilities in systems, such as the blackberry, for a fix before a truly "immoral hacker" does do something improper. http://en.wikipedia.org/wiki/White-hat_hacker
snownskate Aug 7, 2006
You've obviously never used one for a period of time. Nothing out there compares to the BES/handheld combo right now.
swirvi Aug 7, 2006
Lighten up, jggr, you just have a bad sense of humor. Blatant textual sarcasm is easy enough to spot, and i440 was laying it on pretty thick. In case you can't tell, I'm not being sarcastic. ( < but that was ironic (< and so was that))
smobileman Aug 11, 2006
The issues revolving around the development and release of BBProxy are interesting ones. The Blackberry does however have a few vulnerabilities and it is easier to exploit the device than most would think. For instance, if the BBProxy were built into another application like a mobile game or an application that checks the weather or any application that would be transparent, the user wouldn’t know they were running the exploit. The solution provided by RIM, "Limit what the device can do by locking them down", is not the right one. Who wants a device that is less functional?
ibanyan Aug 12, 2006
Not a big deal at all. Listen to Jesse talk about it on this special edition of the MCA podcast. http://mca.libsyn.com/