Specifications
Table Of Contents
- Introduction........................................................................................................................................................
- Architecture Overview........................................................................................................................................
- Operating System..............................................................................................................................
- Code Signing...................................................................................................................................................
- Modifying Signed Applications..................................................................................................................
- Malicious Code Signing..............................................................................................................................
- Mitigation Strategies......................................................................................................................................
- BIS Deployment.........................................................................................................................................
- Application Permissions.......................................................................................................................
- Device Firewall....................................................................................................................................
- BES Deployment......................................................................................................................................
- IT Policy...............................................................................................................................................
- Application Control Policy...................................................................................................................
- Application Permissions.....................................................................................................................
- Device Firewall....................................................................................................................................
- Attack Surface Analysis....................................................................................................................................
- Introduction.................................................................................................................................................
- JAD Files.......................................................................................................................................................
- Mitigation................................................................................................................................................
- File System...................................................................................................................................................
- Persistent Storage...................................................................................................................................
- J2ME File System.....................................................................................................................................
- USB Mass Storage....................................................................................................................................
- Mitigation................................................................................................................................................
- Memory and Processes................................................................................................................................
- Auto start-up and Background processes...............................................................................................
- SMS (Short Message Service)......................................................................................................................
- Premium Rate Scam................................................................................................................................
- SMS Interception.....................................................................................................................................
- SMS Backdoor..........................................................................................................................................
- Mitigation................................................................................................................................................
- Bluetooth......................................................................................................................................................
- Bluetooth Backdoor.................................................................................................................................
- Bluetooth Worms.....................................................................................................................................
- Mitigation................................................................................................................................................
- Email.............................................................................................................................................................
- Email Interception...................................................................................................................................
- Backdoor..................................................................................................................................................
- Worm........................................................................................................................................................
- Mitigation................................................................................................................................................
- PIM Data (Personal Information Manager Data).........................................................................................
- Data Theft................................................................................................................................................
- Loss of data availability and integrity.....................................................................................................
- Mitigation................................................................................................................................................
- TCP/IP Connections......................................................................................................................................
- Proxy/Firewall Bypass.............................................................................................................................
- Backdoor..................................................................................................................................................
- Port Scan..................................................................................................................................................
- Mitigation................................................................................................................................................
- Port Scan..................................................................................................................................................
- HTTP / WAP...................................................................................................................................................
- Data Theft................................................................................................................................................
- Backdoor............................................................................................................................................
- HTTP Proxy...............................................................................................................................................
- Mitigation................................................................................................................................................
- Telephony.....................................................................................................................................................
- Call Record Monitoring............................................................................................................................
- Premium Rate Calls.................................................................................................................................
- Bypassing Caller Verification Systems....................................................................................................
- Telephony Data Theft...............................................................................................................................
- Mitigation................................................................................................................................................
- Camera.........................................................................................................................................................
- Mitigation................................................................................................................................................
- Conclusions......................................................................................................................................................
- Appendix A........................................................................................................................................................
- References........................................................................................................................................................
Attack Surface Analysis of BlackBerry Devices
Backdoor
HTTP Proxy
Telephony
The telephony API net.rim.blackberry.api.phone cannot be utilized by unsigned applications. Signed
applications can monitor existing and past call records (not audio content) and send DTMF tones on exist-
ing calls. Applications can register to be notified of the following events:
callAdded
callAnswered
callConferenceCallEstablished
callConnected
callDirectConnectConnected
callDirectConnectDisconnected
callDisconnected
callEndedByUser
callFailed
callHeld
callIncoming
callInitiated
callRemoved
callResumed
callWaiting
conferenceCallDisconnected
List compiled from RIM API documentation.
5
30
IT Policy "Allow External Connections" = False
Application Controls "External Domains" = [list of allowed domains]
or
"External Network Connections" = Not Permitted
Device Firewall Status = Enabled
Application Permissions Connections > Carrier Internet = Deny
Other Device Settings
IT Policy "Allow External Connections" = False
Application Controls "External Domains" = [list of allowed domains]
or
"External Network Connections" = Not Permitted
Device Firewall Status = Enabled
Application Permissions Connections > Carrier Internet = Deny
Other Device Settings