PaulDotCom mailing list archives
Re: Blackberry Theft Pentest
From: Joshua Wright <jwright () hasborg com>
Date: Fri, 22 Apr 2011 11:19:13 -0400
On 4/21/2011 10:07 AM, Tom McCredie wrote:
The company I work for supply a large number of employees with a company Blackberry - I have been tasked with the job of working on a kind of disaster scenario involving a user's Blackberry being stolen/lost and the information that could be recovered from it. They have a security policy whereby the user has a minimum of a six-digit password with 10 attempts before lockout (not sure if this is handset only or handset and email account - probably handset only). Obviously the main object of this scenario is to gain access to the user's corporate mail account / recover email password which is also the user's Windows domain login to the corporate network :-/ (not my idea) and in most cases I'm willing to bet these users will use the same password for corporate VPN access as they are not all technically savvy.
What are the resources of the adversary you are willing to defend against? This is an important question that I try to get answered for each pen-test and vulnerability assessment I do.

If bypassing the PIN authentication mechanism isn't an option, you might try interfacing with the BB over USB and see what additional attack mechanisms are available, or exploit attack options if the device supports Bluetooth or WiFi even when locked.

Beyond that, you may want to pursue hardware attack options, where you attempt to interface with ICs and data storage mechanisms on the device. Does the BB use traditional flash storage that you could manipulate and extract without powering on the rest of the system components? Are there SoCs that are vulnerable to reset-and-RAM-dump attacks (similar to the Ember and Chipcon vulnerabilities Travis Goodspeed has published)?

Depending on the security needs of your organization, you might not be too concerned about the latter attack vehicle, since it would require significant expertise and time (and tools) to extract the information. I think it is still a likely attack avenue however, bypassing any of the "client side security" mechanisms present (e.g. PINs).

-Josh