Page 1 of 2 12 LastLast
Results 1 to 25 of 31
  1. 3CISSBB's Avatar
    Banned

    Posts
    1,368 Posts
    Thread AuthorThread Author   #1  

    Default How secure is the Blackberry (a closer look)

    After a long discovery process, I have some findings I thought I'd post here for users to think over.

    Some of these are (whitepaper), and some are beyond proof of concept. Without further delay:

    *** The BlackBerry's "modest" security framework is still susceptible to multiple attacks, including being used as a backdoor, allowing confidential data to be exported.

    *** The BlackBerry can be used as a proxy for attackers. Some of these attacks require applications to be digitally signed, while others can be conducted without such a signature.

    *** While code-signing provides a potential hurdle for malicious code writers, signatures can still be obtained with relative ease and anonymity. Code-signing keys can be bought for $100 completely anonymously via the use of prepaid credit-cards. This completely undermines the ability to determine the creators of a signed application, and perhaps track them down in the case of malicious code being signed.

    *** Sending and receiving SMS (text messages) is very simple on the BlackBerry, and doesn't require the code to be signed. Users will receive a prompt the first time the program attempts to send a message, asking if they wish to allow network access, but there are no further warnings on subsequent runs of the application. The same warning is used for an application making a HTTP connection or trying to send an SMS, meaning that a user could be easily fooled into sending very expensive premium SMS messages by an application that purports to connect to the Internet for legitimate purposes.

    *** Premium rate "dialer" scams can be extended from the PC to BlackBerry devices, running up huge bills in the process. The application would work as follows:
    User downloads and runs an application (e.g. a game with "post my high-score online" option).
    If the code is unsigned, the user receives a prompt "Allow Network Access?"
    User agrees (thinking he or she is posting high scores on a Web site)
    The application proceeds to send a premium-rate SMS message in the background unknown to the users until they receive their phone bills.
    *** BlackBerry devices are susceptible to SMS interception attacks that allow hackers to send SMS via the infected device and receive the access code giving them free Wi-Fi access, while the victim is billed instead. Other SMS billable services include voting polls, parking and even using vending machines. Note that if the application is signed, the user will not even be prompted.

    *** Signed applications can send e-mail and read incoming e-mail. A malicious application could be used to allow third parties to send messages from the infected BlackBerry and also read all received messages. A malicious application could also use e-mail as a command and control channel to receive instructions to send and receive e-mails; send and receive SMS messages; add, delete and modify contacts and PIM data; read dialed phone numbers; initiate phone calls; and open TCP/IP connections.

    *** A malicious signed application can launch an e-mail worm by sending a message containing a link to a JAD (Java Application Descriptor) file. When the user opens this link, he or she will be prompted to install the worm code from a remote Web site maintained by the attacker.

    *** An attacker could use a malicious signed application to read all the PIM data (contacts, events, to-do lists). This data can be transmitted to the attacker via e-mail, TCP sockets, SMS or telephony.

    *** Data integrity stored in the PIM can be compromised by a signed application. Attack scenarios include changing the number associated with a contact name; changing the name associated with a phone number; deleting a contact, event or to-do task; changing the timing of a scheduled event; or reading all the contact names and numbers, and randomly swapping them.

    After disassembling a new Blackberry, a hacker could locate the flash where the memory dump is located. Once located, the HASH should be easy enough to find. One could either attempt to reverse-engineer the flash or Brute force it. This has been done and the finding are: encryption algo is SHA-1 and the pseudo random is ARC4.


    This is a brief look into Blackberry security and integrity. The best defense is to password protect your device, choose strong encryption and do your best not to transmit sensitive data over a cell network.


    Hope this helps some and thanks for reading.


    Chris
    Last edited by 3CISSBB; 09-08-2009 at 03:01 PM.
  2. NIKSTORM's Avatar
    CrackBerry Addict

    Posts
    972 Posts
    Global Posts
    1,416 Global Posts
    PIN
    JUST ASK
    #2  

    Default

    whats the worst that can happen my info isnt exactly natnl security
    BLAH...BLAH...SMART QUOTE...BLAH
  3. 3CISSBB's Avatar
    Banned

    Posts
    1,368 Posts
    Thread AuthorThread Author   #3  

    Default

    Well, with any kind of exploit, it all depends on what the creator has decided to design the exploit for. Same as a computer, it could steal information or simply spy on you.
  4. 3CISSBB's Avatar
    Banned

    Posts
    1,368 Posts
    Thread AuthorThread Author   #4  

    Default

    API developer keys can be bought for around $100.00 USD
  5. classc1's Avatar
    CrackBerry Abuser

    Posts
    358 Posts
    Global Posts
    360 Global Posts
    #5  

    Default

    Well....aren't you just a ray of sunshine?

    Posted from my CrackBerry at wapforums.crackberry.com
  6. ekinnee's Avatar
    CrackBerry Abuser

    Posts
    111 Posts
    PIN
    330E59DB
    #6  

    Default

    It appears that most of this requires the user to install and run malicious code. As with any platform, if the user is going to install and run crap all willy nilly like, the game was over before it started.

    There is a reason why corp/BES users at times have policies pushed to them that don't allow the change of app permissions or the install of software.

    And yes, I am a Senior Information Security Engineer. You make valid points, but I think this type of stuff has been thought of already, or are the same issues you could list for almost any device, hand held or not.
    Last edited by ekinnee; 04-02-2009 at 11:59 PM.
  7. NIKSTORM's Avatar
    CrackBerry Addict

    Posts
    972 Posts
    Global Posts
    1,416 Global Posts
    PIN
    JUST ASK
    #7  

    Default

    if you want to spy on me then go ahead....to many people with to much time on there hands...at least you are covered for stolen funds thats all that matters
    BLAH...BLAH...SMART QUOTE...BLAH
  8. 3CISSBB's Avatar
    Banned

    Posts
    1,368 Posts
    Thread AuthorThread Author   #8  

    Default

    True, most of this DOES require the user to be able to install apps and run them. However, even the BES environment has been looked over and there are several ways to (leapfrog) onto/into the corp network. Remember, even the tightest corp sec policy is at the mercy of social exploitation.
  9. zhelf's Avatar
    CrackBerry Addict

    Posts
    989 Posts
    Global Posts
    1,786 Global Posts
    #9  

    Default

    Quote Originally Posted by NIKSTORM View Post
    whats the worst that can happen my info isnt exactly natnl security
    could be bad for those who do mobile banking over their phone or use a credit card to make a purchase pending on the code installed to the phone they could steal your credit card info by keylogging and spying. so it could be bad
  10. 3CISSBB's Avatar
    Banned

    Posts
    1,368 Posts
    Thread AuthorThread Author   #10  

    Default

    Quote Originally Posted by NIKSTORM View Post
    if you want to spy on me then go ahead....to many people with to much time on there hands...at least you are covered for stolen funds thats all that matters
    No-one here is trying to 'spy' on you. This information was posted to help Enlighten people on the security of their handheld devices. Information is power. If you're not learning and evolving, you're dying.
  11. ekinnee's Avatar
    CrackBerry Abuser

    Posts
    111 Posts
    PIN
    330E59DB
    #11  

    Default

    Quote Originally Posted by 3CISSBB View Post
    True, most of this DOES require the user to be able to install apps and run them. However, even the BES environment has been looked over and there are several ways to (leapfrog) onto/into the corp network. Remember, even the tightest corp sec policy is at the mercy of social exploitation.
    Correct, there are always training issues and such to deal with. Being relatively new to the BB arena, I've not had a chance to pick apart a BES box. I do plan on doing so in the near future.

    Yeah, that's me that just added you via BBM. Hit me up if you need anything or are in the Dallas/Fort Worth area.

    3CISSBB is right, and I don't want to come off as diminishing his advice. Mobile phones harbor much more personal or sensitive info than most folks realize. Who here uses the new Wallet app, or Password Manager, or any number of other "wallet" type apps? Lord knows I do. This thing is my prosthetic brain.

    Trying out that nifty tool somebody posted an OTA link in the forums? Oh snap son! You just downloaded unverified code that auto installed on your BB. It didn't appear to do anything so maybe you think it's busted? Nah, you now have a module running that only has to ask once for permission to your data.

    We tend to trust people, most of were probably taught that people are by nature good. It's an evil world out there, 3CISS and I work in the same field. You'd be shocked at what we've seen.
    Last edited by ekinnee; 04-03-2009 at 12:16 AM. Reason: Rant/Advise/Clarification
  12. dmcgrady's Avatar
    CrackBerry Abuser

    Posts
    147 Posts
    #12  

    Default

    So are you guys saying that info in the safe on the BB is not secure?

    Posted from my CrackBerry at wapforums.crackberry.com
  13. ride365's Avatar
    CrackBerry User

    Posts
    41 Posts
    #13  

    Default

    apparently bb's are harder to wiretap then normal phones as the RCMP (canadian national police force) needs to ask to get special help from RIM to be able to get info from users.
  14. #14  

    Default

    Quote Originally Posted by dmcgrady View Post
    So are you guys saying that info in the safe on the BB is not secure?

    Posted from my CrackBerry at wapforums.crackberry.com
    Any device is potentially insecure. BB is more secure than most mobile devices but the dominance of business use makes tham a very profitable target. Good security policies properly applied should keep them safe from most threats. However they will always be vulnerable to social engineering and greedy users who install from sources they should not trust. That's called "User Error" and no security scheme can ever hope to defeat it completely. There's always one who knows enough to be dangerous.
  15. Directional's Avatar
    CrackBerry User

    Posts
    41 Posts
    #15  

    Default

    Quote Originally Posted by ride365 View Post
    apparently bb's are harder to wiretap then normal phones as the RCMP (canadian national police force) needs to ask to get special help from RIM to be able to get info from users.
    Yup..

    Criminals love the BlackBerry's wiretap-proof ways: police
    The best part of waking up is not "Folgers in your cup" , but knowing that Chuck Norris didn't kill you in your sleep.
  16. LazyStarGazer's Avatar
    CrackBerry Genius of Geniuses

    Posts
    11,124 Posts
    Global Posts
    11,766 Global Posts
    PIN
    PRICKS
    #16  

    Default

    You guys are making me nervous.

    Could someone post some details or instructions to enhance security on my bis curve?

    Maybe a good sticky, article or link?
    My ignore list:

    Mr. Marco, Joe_Fresh, kellyjdrummer, CatlinFD

    Nah nah nah nah nah nah nah!
    I can't hear you!
    Nah nah nah nah nah nah...
  17. thinkamp's Avatar
    CrackBerry Genius of Geniuses

    Posts
    9,501 Posts
    Global Posts
    9,505 Global Posts
    #17  

    Default

    well i just took lots of stuff out of my password keeper! boo that sucks!

  18. alleycat0124's Avatar
    CrackBerry Abuser

    Posts
    367 Posts
    PIN
    T of Bass Ale please!
    #18  

    Default

    Thanks for the information!
  19. #19  

    Default

    Quote Originally Posted by ride365 View Post
    apparently bb's are harder to wiretap then normal phones as the RCMP (canadian national police force) needs to ask to get special help from RIM to be able to get info from users.
    It's quite easy. It only takes one judge to issue a search warrant, and a few cops to hold the suspect in the cells until the password is disclosed.

    Of course RIM can't help anyway because any encryption keys are generated by the user (not RIM) so there's no central record. The Indian authorities took a long time to understand this recently.

    If the user has taken security seriously and uses good quality public key encryption (like PGP) the communication is for all practical purposes completely secure even if the messages are delivered to the spooks on an unprotected floppy disk.
  20. Reed McLay's Avatar
    Retired Moderator

    Posts
    9,473 Posts
    #20  

    Default

    Very informative, until now, I have felt safe....
  21. budfox's Avatar
    CrackBerry Abuser

    Posts
    146 Posts
    #21  

    Default

    If you have it, use common sense!!
    We need to talk about your TPS reports...
  22. PNWBerryAddict's Avatar
    CrackBerry Abuser

    Posts
    175 Posts
    #22  

    Default

    Quote Originally Posted by Branta View Post
    Any device is potentially insecure. BB is more secure than most mobile devices but the dominance of business use makes tham a very profitable target. Good security policies properly applied should keep them safe from most threats. However they will always be vulnerable to social engineering and greedy users who install from sources they should not trust. That's called "User Error" and no security scheme can ever hope to defeat it completely. There's always one who knows enough to be dangerous.
    Quote Originally Posted by Zrb0529 View Post
    When it comes to applications - never trust anyone

    When it comes to your phone - never trust anyone

    Posted from my CrackBerry at wapforums.crackberry.com
    Very well put. No computer or smartphone is 100% secure, so it really comes down to using good judgment and security polices as stated above.
  23. bluz's Avatar
    CrackBerry Master

    Posts
    1,193 Posts
    Global Posts
    1,199 Global Posts
    #23  

    Default

    BB is by far the most secure mobile device.
  24. phonejunky's Avatar
    CrackBerry Genius

    Posts
    2,541 Posts
    Global Posts
    2,499 Global Posts
    PIN
    33257ED2
    #24  

    Default

    People on this forum are so na´ve when it comes to bb security sometimes, for some reason BIS members still feel their phones are super protected or something lol. Blackberries are some of the most hacked devices, reason being is because important people use blackberries not just for work reasons but also have personal ones as well.

    Posted from my CrackBerry at wapforums.crackberry.com
  25. beamolite's Avatar
    CrackBerry Addict

    Posts
    819 Posts
    Global Posts
    820 Global Posts
    PIN
    2ab5b28f
    #25  

    Default

    Quote Originally Posted by CrackberryBrandon View Post
    People on this forum are so na´ve when it comes to bb security sometimes, for some reason BIS members still feel their phones are super protected or something lol. Blackberries are some of the most hacked devices, reason being is because important people use blackberries not just for work reasons but also have personal ones as well.

    Posted from my CrackBerry at wapforums.crackberry.com
    Can you provide a link to prove this?
Page 1 of 2 12 LastLast

Posting Permissions