Penetration Testing mailing list archives

Hijacking Safebrowsing Blackberries


From: Max Moser <max.moser () gmail com>
Date: Sun, 21 Mar 2010 23:53:37 +0100

During a little research we found again a nice little unique weakness
in the beloved Blackberries. After a lot of stuff is published related
to unsigned / signed trojaned application possibility… here is the way
to distribute them (For your research education only!). You can
actually force the blackberries to use the rogue access-point for
Internet browsing without having special user interaction. The
blackberry will not be able to reach its Enterprise server and so it
decides to fail open. :-)

Check out the explanation video at http://www.remote-exploit.org/?p=479

No clue what would be possible with over the air installation or
website embedded blackberry apps. Please drop us a line if you work on
this topic. We might continue our journey as well... maybe joining
forces?

P.S. If the allow hotspot browsing policy is set to disallow then
the BB is cut off when the GPRS/EDGE/HSDA connection goes down. Maybe
it would be better if the default policy was set to disallow but it is
configurable. – Let's face it, you won't be able to use hotspots at all
(Even when your enterprise server is available) if you switch that one
on. RIM was very helpful and pointed out the “disallow hotspot
browsing” policy setting...

Wow a post, which is not about backtrack ... :-)

Greetings

Max
