The BlackBerry device and supporting platform are developed by Research In Motion (RIM), a Canadian software and hardware company based in Waterloo, Ontario. One of the BlackBerry's main selling points is its integrated wireless messaging system, which provides push email access over cellular wireless networks throughout the world. Another major factor in the BlackBerry's popularity is its comprehensive and systematic approach to security. BlackBerry devices are versatile and can be used for a range of functions, including telephony, SMS, email, and Web browsing.
BlackBerry users can generally be divided into two camps: consumers who bought and own their BlackBerry, and enterprise end-users who are given the use of a BlackBerry by their employers. Consumer devices are generally configured to use BlackBerry Internet Service (BIS), while enterprise devices are generally configured to use BlackBerry Enterprise Server (BES). In a BIS environment, the end-user is generally responsible for the appropriate configuration of security measures. In a BES environment, the end-user has a certain amount of control, but security is usually enforced by the enterprise through an IT Policy and Application Controls. More comprehensive controls are available in a BES deployment than in a BIS deployment, and the default configuration of an enterprise device is generally more constrained than the equivalent consumer deployment of that device (for example, the firewall is enabled by default). See the Mitigation section for more details.
While the BlackBerry solution has a comprehensive inbuilt security framework at both device and server level, it is still susceptible to a number of potential attacks. These attacks vary in the degree to which the user is involved, but include the device being backdoored, confidential data being exported from the device, and the device being used as a proxy for attackers [8].
Some of these attacks require applications to be digitally signed, which limits their likelihood, while others can be conducted by unsigned code. However, none of the attacks is purely autonomous: all require the user to be convinced to perform a number of actions in order to be successful. The viability of such attacks also depends largely on the configuration of existing controls on the BlackBerry device, i.e. the Firewall, Application Control and IT Policy setup. Using these available security mechanisms greatly reduces the risks associated with the attacks outlined herein.