|
Businesses that use gateway security appliances to protect Research In Motion's BlackBerry communications servers could be subject to attacks based on the planned release of exploit code by a high-profile malware researcher.
According to a warning released by network security applications and device provider Secure Computing, organizations with their BlackBerry servers installed behind their gateway intrusion detection boxes could be compromised when researcher Jesse D'Aguanno, a consultant with risk management experts Praetorian Global, of Placerville, Calif., releases his code the week of Aug. 14. D'Aguanno first revealed his vulnerability exploit on Aug. 5 at the Defcon hacker convention in Las Vegas.
While RIM has already posted instructions to its Web site meant to help customers avoid the attack by reconfiguring their gateway devices, experts at Secure Computing maintain that businesses may still be at risk. RIM officials did not immediately return phone calls seeking comment on the potential attack.
In his presentation at Defcon, D'Aguanno highlighted the ability of a hacking program dubbed BBProxy to be installed on a BlackBerry device or sent as an e-mail attachment to an unsuspecting user. Once installed, the attack opens a covert communications channel with the RIM servers by bypassing gateway security controls installed between the hacker and the inside of the victims' network.
Because the communications channel between the BlackBerry server and any connected handheld device is encrypted and cannot be scoured by most network intrusion detection tools, unsuspecting administrators could be lured into opening the connection and allowing it to link to the network, according to Secure, which is based in San Jose, Calif. Once an outsider has been given such access to a network they could use it to carry out a range of dishonest activity, from stealing information to using the connection to deliver malware code.
As a result, Secure is recommending that companies using BlackBerry servers in such an environment should isolate the devices on their own DMZ segments, while limiting any network connections to those specifically necessary to facilitate the operation of the BlackBerry servers. The company said that the servers should not be configured to open arbitrary connections to the internal network or Internet.
A pair of hackers at the Black Hat conference showed off a new technique for breaking into computers via flaws in wireless drivers. Click here to read more.
Secure advises that any mail servers working with the BlackBerry infrastructure should also be isolated on their own separate DMZ, allowing only the minimum connections needed to remain up-and-running. BlackBerry-connected mail servers should not be allowed to open arbitrary connections to internal networks or the Internet to protect against attacks, the company said. Internal users should also be barred from opening arbitrary connections to either BlackBerry servers or connected mail servers, according to the security company.
The attack detailed by D'Aguanno uses the trusted relationship established between the RIM back-end servers and its popular wireless devices to take over the network on which they are running. Because the communications between the devices are encrypted, network defenses will not find or shut down the tunnel, the researcher maintains. Since most companies cannot detect the attack once it has been launched internally on a network, and the BlackBerry infrastructure has not yet been singled out by high-profile attacks, enterprises operating the gear are likely to be vulnerable, D'Aguanno said.
After reporting the potential weakness, D'Aguanno said he would release his exploit code for download in roughly one week. The attack is not yet believed to have been made publicly available.
RIM shipped just under 1.3 million BlackBerry devices during the second quarter of 2006, according to the latest figures from researchers at Gartner, in Stamford, Conn. The wireless device maker reported that it had approximately 5.5 million subscribers worldwide at the close of its first quarter, which ended June 3, and said it hoped to add another 700,000 customers during the second quarter as it drives toward its target of attracting 10 million users around the globe.
|
