Information Security News mailing list archives
D'Aguanno demonstrates Blackberry attack
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 17 Aug 2006 03:32:58 -0500 (CDT)
http://www.theinquirer.net/default.aspx?article=33735

By Tony Dennis
16 August 2006

A SECURITY consultant with Praetorian Global [1], Jesse D'Aguanno, has presented his RIM Blackberry attack at Defcon CTF in Las Vegas. It outlines in detail how he's been able to hack straight into a corporate LAN via a Blackberry.

The Powerpoint presentation sent to The INQ shows exactly how somebody might decide to break into a network that's running the RIM BES server and then do exactly what he or she likes.

Worse still for RIM, D'Aguanno has not only posted the presentation slides on the Praetorian site, he's also made the requisite tool - BBproxy - available for download too. The INQ suspects that this guy isn't fooling around and that the hack will very definitely work.

There's also a superb bit of irony hidden away in D'Aguanno's presentation. He shows how any code a hacker might want to post on the BES server needs a private key. Buy a credit card with cash - in this case an American Express gift card - and it is dead easy to get certified by RIM and be given the appropriate key to run a .cod file to talk to RIM's APIs. And it only costs $100 to do so.

Now that's a loophole even if all of the rest D'Aguanno says is smoke and mirrors. It's going to be interesting to see what exactly RIM's response is. µ

[1] http://www.praetoriang.net/