Penetration Testing mailing list archives
Hijacking Safebrowsing Blackberries
From: Max Moser <max.moser () gmail com>
Date: Sun, 21 Mar 2010 23:53:37 +0100
During a little research we found again a nice little unique weakness in the beloved Blackberries. After a lot of stuff is published related to unsigned / signed trojaned application possibility… here is the way to distribute them (For your research education only!). You can actually force the blackberries to use the rogue access-point for Internet browsing without having special user interaction. The blackberry will not be able to reach is Enterprise server and so he decides to fail open. :-) Checkout the explanation video at http://www.remote-exploit.org/?p=479 No clue what would be possible with over the air installation or website embedded blackberry apps. Please drop us a line if you work on this topic. We might continue our journey as well..maybe joining forces? P.S. If the allow hotspot browsing policy is set to disallow then it the BB is cut off when the GPRS/EDGE/HSDA connection goes down. Maybe it would be better if the default policy was set to disallow but it is configurable. – Lets face it, you wont be able to use hostspots at all (Even when your enterprise server is available) if you switch that one on. RIM was very helpful and pointed out the “disallow hotspot browsing” policy setting….. Wow a post, which is not about backtrack ... :-) Greetings Max ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Hijacking Safebrowsing Blackberries Max Moser (Mar 23)