Updated 25 May, 2012, 10:12 am IST

BlackBerry Gets Its First Trojan

13 Mar, 2008, 5:00 pm IST | by Shayne Rana |

Varun Srivastava, the Business Development Head at APPIN Security Group that just happens to be a leading player in ethical hacking and information security, has recently come out with a Whitepaper on what causes hacking of BlackBerry phones, whether it is secure/ lawfully interceptible, and how can it be avoided. Needless to say, BlackBerry users are probably fretting right about now, as most offices these days issue some of their executives, especially the ones that are constantly traveling, with Blackberry handsets.

What the guys at APPIN have stated is simply, as soon as a Trojan for the BlackBerry is out and making its rounds, Blackberry users are going to have a problem with keeping their data secure. A hacking code called the BB Hacking toolkit, which comes with the Blackberry Trojan called BBProxy is what can be deployed into a BlackBerry server and it’s ‘Troy’ all over again. What this deceitful Trojan does is open up a back-door to the company’s BlackBerry Enterprise Server (BES) and the information stored is then up for grabs. In technical terms it will bypass all the company’s security systems that protect data stored on the servers. Not only can the hacker simply remove information undetected they could also infect the system itself.

Since the communications channel between the BlackBerry server and handheld device is encrypted and cannot be properly inspected by typical security products, a tunnel is usually opened by the administrator to allow the encrypted communications channel to the BlackBerry server inside the organization's network. When launched, BBProxy opens up its own hidden tunnel between the BlackBerry and the user's corporate network, as the hack runs in the background.

Thanks to the R and D conducted by APPIN, they also enclosed a few countermeasures in their Whitepaper release –

To counteract this potential threat Secure Computing recommends isolating servers that face the public internet, including a BlackBerry server and the mail server working with it, in their own Demilitarized Zone (DMZ), which would reduce the risk of a compromised server providing access to other critical servers.

The BlackBerry server and mail server should also not be permitted to open arbitrary connections to the internal network or Internet, and internal users should not be permitted to open arbitrary connections to either the BlackBerry server or mail server.
There is something like 250 plus commands that allow the administrator to have full control over how the BlackBerry as a platform is used by the users within the BlackBerry Enterprise Server community.

This gives administrators full control over what third party applications can be installed on employee handheld for example. Setting one policy can disable unwanted software altogether. So you never have to worry about malware or anything else that's not authorized.