Specifications
Table Of Contents
- Introduction
- Architecture Overview
- Operating System
- Code Signing
- Modifying Signed Applications
- Malicious Code Signing
- Mitigation Strategies
- BIS Deployment
- Application Permissions
- Device Firewall
- BES Deployment
- IT Policy
- Application Control Policy
- Application Permissions
- Device Firewall
- Attack Surface Analysis
- Introduction
- JAD Files
- Mitigation
- File System
- Persistent Storage
- J2ME File System
- USB Mass Storage
- Mitigation
- Memory and Processes
- Auto start-up and Background processes
- SMS (Short Message Service)
- Premium Rate Scam
- SMS Interception
- SMS Backdoor
- Mitigation
- Bluetooth
- Bluetooth Backdoor
- Bluetooth Worms
- Mitigation
- Email
- Email Interception
- Backdoor
- Worm
- Mitigation
- PIM Data (Personal Information Manager Data)
- Data Theft
- Loss of data availability and integrity
- Mitigation
- TCP/IP Connections
- Proxy/Firewall Bypass
- Backdoor
- Port Scan
- Mitigation
- Port Scan
- HTTP / WAP
- Data Theft
- Backdoor
- HTTP Proxy
- Mitigation
- Telephony
- Call Record Monitoring
- Premium Rate Calls
- Bypassing Caller Verification Systems
- Telephony Data Theft
- Mitigation
- Camera
- Mitigation
- Conclusions
- Appendix A
- References
Attack Surface Analysis of BlackBerry Devices
Application Permissions
See the section titled "BIS Deployment" for information on how to set up Application Permissions on the
BlackBerry device. Note that it is not possible to reduce any constraints imposed by an IT/Application
Control Policy using the Application Permissions settings on the device.
Device Firewall
See the section titled "BIS Deployment" for information on how to set up the Device Firewall on the
BlackBerry device. Note that it is not possible to reduce any constraints imposed by an IT/Application
Control Policy using the Firewall settings on the device.
Attack Surface Analysis
Introduction
The following section describes each of the areas analyzed by Symantec, the observations made and the
attack surfaces which exist. The attacks outlined fall into a number of distinct high-level categories:
• Spoofing: A situation where there exists the opportunity to spoof information upon which the
user will make a decision which may impact the security of the device.
• Data Interception or Access: A situation where data can be intercepted or accessed by
malicious code that is on the device.
• Data Theft: A situation where data can be sent out of the device by malicious code which is on
the device.
• Backdoor: A situation where malicious code that is resident on the device is able to offer
functionality which would allow an attacker to gain access at will.
• Service Abuse: A situation where malicious code that is resident on the device is able to perform
actions which will cause the user higher than expected service provider costs.
• Availability: A situation where malicious code that is resident on the device is able to impact the
availability or integrity of either the device or the data held upon it.
• Network Access: A situation where malicious code that is resident on the device is able to use
the device for one or more unauthorised network activities. This may include port scanning or
alternatively using the device as a proxy for network communications.
• Wormable: A technology which can be utilised by malicious code on the device to further help in
its propagation in a semi-autonomous fashion.
The following table shows, for each of the areas analysed, their susceptibility to these attacks and how
they may be mitigated.