Cracking the BlackBerry with a $100 Key


The security model of that BlackBerry on your hip isn’t holding up very well to third-party scrutiny.

According to a white paper by John O’Connor, a researcher on Symantec’s security response team, hackers can pay $100 for an API developer key that can open doors to the theft of data from Research in Motion’s BlackBerry devices.

O’Connor’s paper was briefly posted in a blog entry discussing the future of the BlackBerry device, then quickly yanked. It is not yet clear why Symantec pulled the paper (the rumor mill says it’s being saved for a conference presentation), but a quick peek at the findings suggests there might have been some external pressure involved.

Some highlights from O’Connor’s paper, which was seen by eWEEK Security Watch:

*** The BlackBerry’s “modest” security framework is still susceptible to multiple attacks, including being used as a backdoor, allowing confidential data to be exported.

*** The BlackBerry can be used as a proxy for attackers. Some of these attacks require applications to be digitally signed, while others can be conducted without such a signature.