Specifications

ManualsBrandsBlackberry ManualsOtherJAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE

Table Of Contents

Introduction........................................................................................................................................................
Architecture Overview........................................................................................................................................
Operating System..............................................................................................................................
Code Signing...................................................................................................................................................
Modifying Signed Applications..................................................................................................................
Malicious Code Signing..............................................................................................................................
Mitigation Strategies......................................................................................................................................
BIS Deployment.........................................................................................................................................
Application Permissions.......................................................................................................................
Device Firewall....................................................................................................................................
BES Deployment......................................................................................................................................
IT Policy...............................................................................................................................................
Application Control Policy...................................................................................................................
Application Permissions.....................................................................................................................
Device Firewall....................................................................................................................................
Attack Surface Analysis....................................................................................................................................
Introduction.................................................................................................................................................
JAD Files.......................................................................................................................................................
Mitigation................................................................................................................................................
File System...................................................................................................................................................
Persistent Storage...................................................................................................................................
J2ME File System.....................................................................................................................................
USB Mass Storage....................................................................................................................................
Mitigation................................................................................................................................................
Memory and Processes................................................................................................................................
Auto start-up and Background processes...............................................................................................
SMS (Short Message Service)......................................................................................................................
Premium Rate Scam................................................................................................................................
SMS Interception.....................................................................................................................................
SMS Backdoor..........................................................................................................................................
Mitigation................................................................................................................................................
Bluetooth......................................................................................................................................................
Bluetooth Backdoor.................................................................................................................................
Bluetooth Worms.....................................................................................................................................
Mitigation................................................................................................................................................
Email.............................................................................................................................................................
Email Interception...................................................................................................................................
Backdoor..................................................................................................................................................
Worm........................................................................................................................................................
Mitigation................................................................................................................................................
PIM Data (Personal Information Manager Data).........................................................................................
Data Theft................................................................................................................................................
Loss of data availability and integrity.....................................................................................................
Mitigation................................................................................................................................................
TCP/IP Connections......................................................................................................................................
Proxy/Firewall Bypass.............................................................................................................................
Backdoor..................................................................................................................................................
Port Scan..................................................................................................................................................
Mitigation................................................................................................................................................
Port Scan..................................................................................................................................................
HTTP / WAP...................................................................................................................................................
Data Theft................................................................................................................................................
Backdoor............................................................................................................................................
HTTP Proxy...............................................................................................................................................
Mitigation................................................................................................................................................
Telephony.....................................................................................................................................................
Call Record Monitoring............................................................................................................................
Premium Rate Calls.................................................................................................................................
Bypassing Caller Verification Systems....................................................................................................
Telephony Data Theft...............................................................................................................................
Mitigation................................................................................................................................................
Camera.........................................................................................................................................................
Mitigation................................................................................................................................................
Conclusions......................................................................................................................................................
Appendix A........................................................................................................................................................
References........................................................................................................................................................

Attack Surface Analysis of BlackBerry Devices

Appendix A

The table below illustrates which features of the BlackBerry API require code signing, which can be used

unsigned with user prompting, and which can be used freely unsigned.

Table compiled from reading RIM API documentation.

Feature Signed Unsigned Prompt Unsigned

MIDP Record Store X

BlackBerry Persistence

Model

Auto Startup Process X

Background Process X

SMS X

Bluetooth X X

(see Bluetooth section)

Email X

PIM Data X

TCP/IP X

HTTP/WAP X

Telephony X

Location Tracking X