Some of you may have read my blog article last year about the BlackBerry mobile device: Hacking the BlackBerry along with the associated whitepaper, Blackberry Security: Ripe for the picking? We decided not to widely distribute that paper for a number of reasons, including the fact that the model reviewed was a tad on the old side (BlackBerry 7290 circa 2004). Well, fast-forward to 2007, when I was supplied with a shiny new BlackBerry Pearl 8100 and a blank sheet of paper.
As I alluded to in my previous blog, the Pearl represents a significant departure for Research In Motion; a departure from the world of purely corporate utility, and an arrival at the world of consumer-oriented features. The device sports a beautifully stylized slimline form-factor, a 1.3 megapixel camera, and a removable media card as standard. Of course, all the features that make the BlackBerry popular with corporate users still remain, such as encrypted email and configurable IT Policies.
So, it sounds great, but is it secure?
I have written a paper examining the security on the Pearl model. In doing so, I re-examined all the major subsystems of the BlackBerry, including the features that are new to this model. For each attack scenario outlined, I also wrote a proof of concept program to make sure that the attack was actually possible. Here are a few examples:
• A multi-threaded port scanner
• A program to log voicemail/online banking PIN numbers and send them to a remote Web site
• A program to enumerate files on the BlackBerry Filesystem and optionally send a file's contents to a PC via Bluetooth Serial Port Profile
• A program to export data from the device using DTMF tones
The paper doesn't contain code samples, but it does describe how each of the above attacks could be carried out, along with many others. It also outlines in detail how to protect your BlackBerry deployment from those same attacks. So, without further ado, may I present my paper: Attack Surface Analysis of Blackberry Devices.