by: Rebecca Welch

There's a new route into your company's secure data: the Blackberry PDA. A hacking program has been developed that exploits the relationship between the Blackberry itself, a company's internal server and the network connection to which both are attached. The hacking program works because the data tunnel between the Blackberry and the server is encrypted. Intrusions can't be detected because the protective systems, such as firewalls, exist at the perimeter of the network, where the tunnel's contents cannot be inspected. This raises a question for every business owner whose employees use a Blackberry: Is your company data secure?

The hacking technique is successful because very few companies are equipped to detect an intrusion from inside the network. Another reason for its success is that companies don't see the Blackberry as a potential attack vector. The Blackberry is not your normal handheld device. It's a continuously running code machine that's always on and always connected to your internal network. It has constant, direct access to whatever you give it access to, and most companies allow employees who use Blackberries complete access to the internal network.

BBProxy is the name of the Blackberry hacking program. It can be loaded onto the Blackberry either physically or via e-mail as a Trojan horse. Once loaded, the Blackberry calls back to the hacker's system and opens communication channels between the hacker and the company's internal network. This process runs in the background, behind the safety of the company's firewall, scanning for hosts with security vulnerabilities, and it generally goes undetected.
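Because the scanning described above originates inside the network, it has to be looked for in internal traffic rather than at the perimeter. The following is an added example, not part of the original article: it flags a tunnel-terminating server that suddenly contacts many distinct internal hosts and ports. The log format, the addresses and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port".
# 10.0.5.10 stands in for the internal server that terminates the Blackberry
# tunnel (an assumed address); the other hosts are ordinary internal machines.
SAMPLE_FLOWS = """\
1000 10.0.5.10 10.0.1.25 25
1002 10.0.5.10 10.0.1.25 25
1005 10.0.9.40 10.0.1.25 25
1010 10.0.5.10 10.0.2.1 445
1011 10.0.5.10 10.0.2.2 445
1012 10.0.5.10 10.0.2.3 445
1013 10.0.5.10 10.0.2.4 445
1014 10.0.5.10 10.0.2.5 445
1015 10.0.5.10 10.0.2.5 3389
1200 10.0.5.10 10.0.1.25 25
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_internal_scanners(flows, relay_hosts, window_s=60, min_targets=5):
    """Return {src: peak distinct (dst, port) targets within window_s}
    for relay hosts whose fan-out reaches min_targets."""
    recent = defaultdict(deque)   # src -> deque of (ts, (dst, dport))
    peak = defaultdict(int)
    for ts, src, dst, dport in sorted(flows):
        if src not in relay_hosts:
            continue              # only watch the tunnel-terminating servers
        q = recent[src]
        q.append((ts, (dst, dport)))
        while q and ts - q[0][0] > window_s:
            q.popleft()           # drop flows that fell out of the window
        peak[src] = max(peak[src], len({target for _, target in q}))
    return {src: n for src, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    print(find_internal_scanners(parse_flows(SAMPLE_FLOWS), {"10.0.5.10"}))
```

Repeated connections to the same mail host count as one target, so normal relay traffic stays below the threshold while a sweep across hosts and ports does not.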

Recently, an ad on eBay sold a Blackberry "AS IS" for approximately $15.00. While the device didn't come with a cable, syncing station, software or manual, it did come with something far more valuable: a stockpile of corporate data, all there for anyone to read as soon as the device was turned on. Many employees are insufficiently trained in security issues for the electronic devices they use on a daily basis.

Company data is stored as attachments on a server, rather than on the Blackberry itself, so if a device is ever lost or misplaced, someone could easily read sensitive documents. The Blackberry lacks encryption capabilities and relies instead on users locking the device with a password. Unfortunately, anyone with hacking abilities could discover the password and let themselves into the network.

The beauty of the Blackberry is that it's a do-it-yourself type of device. It basically allows you to take your office with you wherever you go and not be caught unprepared or without the correct documents for a given meeting. However, for individuals and companies who handle and funnel much of their business dealings through these wonderfully useful devices, both internal and external server security must be taken into account.
