Specifications
Table Of Contents
- Introduction........................................................................................................................................................
- Architecture Overview........................................................................................................................................
- Operating System..............................................................................................................................
- Code Signing...................................................................................................................................................
- Modifying Signed Applications..................................................................................................................
- Malicious Code Signing..............................................................................................................................
- Mitigation Strategies......................................................................................................................................
- BIS Deployment.........................................................................................................................................
- Application Permissions.......................................................................................................................
- Device Firewall....................................................................................................................................
- BES Deployment......................................................................................................................................
- IT Policy...............................................................................................................................................
- Application Control Policy...................................................................................................................
- Application Permissions.....................................................................................................................
- Device Firewall....................................................................................................................................
- Attack Surface Analysis....................................................................................................................................
- Introduction.................................................................................................................................................
- JAD Files.......................................................................................................................................................
- Mitigation................................................................................................................................................
- File System...................................................................................................................................................
- Persistent Storage...................................................................................................................................
- J2ME File System.....................................................................................................................................
- USB Mass Storage....................................................................................................................................
- Mitigation................................................................................................................................................
- Memory and Processes................................................................................................................................
- Auto start-up and Background processes...............................................................................................
- SMS (Short Message Service)......................................................................................................................
- Premium Rate Scam................................................................................................................................
- SMS Interception.....................................................................................................................................
- SMS Backdoor..........................................................................................................................................
- Mitigation................................................................................................................................................
- Bluetooth......................................................................................................................................................
- Bluetooth Backdoor.................................................................................................................................
- Bluetooth Worms.....................................................................................................................................
- Mitigation................................................................................................................................................
- Email.............................................................................................................................................................
- Email Interception...................................................................................................................................
- Backdoor..................................................................................................................................................
- Worm........................................................................................................................................................
- Mitigation................................................................................................................................................
- PIM Data (Personal Information Manager Data).........................................................................................
- Data Theft................................................................................................................................................
- Loss of data availability and integrity.....................................................................................................
- Mitigation................................................................................................................................................
- TCP/IP Connections......................................................................................................................................
- Proxy/Firewall Bypass.............................................................................................................................
- Backdoor..................................................................................................................................................
- Port Scan..................................................................................................................................................
- Mitigation................................................................................................................................................
- Port Scan..................................................................................................................................................
- HTTP / WAP...................................................................................................................................................
- Data Theft................................................................................................................................................
- Backdoor............................................................................................................................................
- HTTP Proxy...............................................................................................................................................
- Mitigation................................................................................................................................................
- Telephony.....................................................................................................................................................
- Call Record Monitoring............................................................................................................................
- Premium Rate Calls.................................................................................................................................
- Bypassing Caller Verification Systems....................................................................................................
- Telephony Data Theft...............................................................................................................................
- Mitigation................................................................................................................................................
- Camera.........................................................................................................................................................
- Mitigation................................................................................................................................................
- Conclusions......................................................................................................................................................
- Appendix A........................................................................................................................................................
- References........................................................................................................................................................
Attack Surface Analysis of BlackBerry Devices
Device Firewall
Firewall options can be set on the BlackBerry by going to the following menu:
Options > Security Options > Firewall
The user is then presented with the options outlined in Figure 6. On a BIS deployment, the Firewall is dis-
abled by default. However, if the Firewall is set to "Enabled", the user will subsequently be prompted before
network connections are allowed, as in Figure 5 and Figure 8. The user also has the option of blocking
incoming messages, be they SMS, MMS, PIN, or BlackBerry Internet Service (Email). Again see Figure 6.
BES Deployment
The policy options of the BES are far too numerous to go
through in detail in this document. For a comprehensive
listing see The BlackBerry Enterprise Server Policy
Reference Guide
22
. The policies most relevant to mitigating
malware are described below. The BES provides IT Policy
rules and Application Control rules which can be pushed
onto any BlackBerry under its control. Additionally, the
end-user still has access to the Application Permissions
and Firewall settings on the device itself. IT Policy rules
take highest precedence, followed by Application Control
Policy rules, followed by end-user settings. Note that end-
users can only increase restrictions, not lower them, under
any circumstances.
10
Figure 4: Permission Options Top
Figure 5: Permission Options Bottom
Figure 6: Firewall Options