In the recently concluded Defcon held in Las Vegas, one of the speakers, Jesse “x30n” D’Aguanno introduced an intersting way to utilize the immensely popular
For those people who haven’t heard of Blackberry, it’s a handheld device pretty much like a Cellphone but with a lot more features. It was developed by Research in Motion (RIM) and it basically delivers information over the wireless data networks of cellular telephone companies. If i’m not mistaken, Blackberry users have accumulated to a whopping 5 million since its introduction in 1999. They have become extremely popular in the United States especially with large corporations where they are primarily used to provide email delivery to roaming employees. Blackberries, simply put, are computers with constant connection to the corporate LAN.
Well I’m guessing you guys can already see the major potential risk related to the exploitation of this sort of technology and the guys over at Defcon were given a pretty little demonstration on how this was possible. The attack toolkit was recently made available on the author’s
siteand we were able to secure a copy.
Successfully exploiting these devices can basically allow the attacker several options such as:
- talk to hosts behind the corporate firewall
- attack them
- undermine Intrusion Detection Systems (IDS) or data logging
- do it using a trojan
- sign the trojan anonymously and use all APIs
We are still currently determining what solutions we can provide our customers with to protect them against this exploit.