Dailydave mailing list archives

Re: Immunity's Guide to Being Mobile and Secure

From: Marco Ivaldi <raptor () mediaservice net>
Date: Thu, 21 Apr 2011 09:57:09 +0200 (ora legale Europa occidentale)

Hi Todd,

On Wed, 20 Apr 2011, Todd Haverkos wrote:

[snip]

Curious as to your thoughts, or anyone else's on whether Blackberry is
even as much of a liability to the enterprise as XP.


Just wanted to contribute a few random thoughts about BlackBerry in the 
enterprise.

I agree with you on the fact that the BlackBerry Enterprise platform 
provides comprehensive granular control over the handhelds and can be 
configured to enable a degree of protection suitable for most 
environments. In this aspect, it can be considered superior to other 
smartphones (I haven't had the chance to play with Windows Phone 7 yet).

That said, in my experience as a security analyst I've verified in the 
field that most BlackBerry Enterprise deployments are indeed configured in 
an insecure way and are therefore vulnerable to a broad spectrum of 
security attacks, such as: malware infection, remote access to the private 
network (most of the time admins don't bother to separate the different 
BES components on different servers, and don't apply proper ACLs in order 
to prevent attacks generating from the BES itself), traffic logs stealing 
(the logging of all phone calls and MDS connections is enabled by default, 
and logs are stored unencrypted on disk), a range of wireless attacks 
(including some attacks on WPA Enterprise PEAP-MSCHAPv2 that also affect 
the iPhone and Android platforms), etc.

The bottom line is: the BlackBerry solution can be extremely robust, if 
configured properly following RIM's recommendations. But in practice, it 
usually represents a huge attack opportunity for a remote threat agent. 
Probably even more than Windows XP, mainly because of its mobile 
always-connected-to-the-private-network nature.

Cheers,

-- 
------------------------------------------------------------------
Marco Ivaldi                          OPSA, OPST, OWSE
Senior Security Advisor
@ Mediaservice.net Srl                Tel: +39-011-32.72.100
Via San Bernardino, 17                Fax: +39-011-32.46.497
10141 Torino - ITALY                  http://www.mediaservice.net/
------------------------------------------------------------------
PGP Key - https://keys.mediaservice.net/m_ivaldi.asc

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Current thread:

Immunity's Guide to Being Mobile and Secure dave (Apr 18)
- Re: Immunity's Guide to Being Mobile and Secure Todd Haverkos (Apr 20)
  - Re: Immunity's Guide to Being Mobile and Secure Timothy Shea (Apr 21)
  - Re: Immunity's Guide to Being Mobile and Secure Marco Ivaldi (Apr 21)