Security Basics mailing list archives

Re: how do you secure a blackberry

From: Aarón Mizrachi <unmanarc () gmail com>
Date: Wed, 29 Jul 2009 00:59:51 -0430

On Miércoles 29 Julio 2009 00:32:58 Joseph Williams escribió:

Atleast with Verizon, when you battery pull the phone. The service books
that are pushed out by the provider are repushed out. My girlfriend's
sprint blackberry comes with some "Quick Launch" icons and a small program
from Sprint. Every time she has to battery pull they are redownloaded.

Joe


Yes, is the service provided by the seller.  if you bought your phone from a 
trusted/minimal one, you will be clear. 

And... The small program, i think, does not came with service books, probably 
are inserted as a ".cod" into the program memory. That can be partially/fully 
cleaned. Some operators also provide you themes, and booting images, to 
"personalize" your blackberry.

The blackberry device consist in a ARM processor with  different memory 
parts... I suppose that are structured as follows:

- ARM processor firmware 
- ROM Memory (PIN, IMEI)
- Vendor Information Memory (Boot logo, vendor code, other information) 
(Possibly ROM)
- Basic Blackberry OS Memory  (Lock information, basic connectivity)
- Program Memory (Blackberry programs inserted and updated by the desktop 
manager, themes, whatever)
- Blackberry Databases (Device information, Service Books, Configurations, 
Calls, whatever) and files
- SD Memory


-----Original Message-----
From: Aarón Mizrachi [mailto:unmanarc () gmail com]
Sent: Tuesday, July 28, 2009 11:51 PM
To: joseph.s.williams () gmail com
Subject: Re: how do you secure a blackberry

On Miércoles 29 Julio 2009 00:03:03 joseph.s.williams () gmail com escribió:

http://www.berryreview.com/2009/01/22/faq-explanation-of-each-blackberr
y-se rvice-book-type/ Sent from my Verizon Wireless BlackBerry


I already read that looking in google. Seems to be a configuration for some
services.

I run my blackberry with a foreign country service book, since i bought my
blackberry on a foreign country, and the limitation is very low (mms, tcp
connections, and others). But, i'am connected to bis without issues.

I don't know if the service book are automatically updated when i turn on
my blackberry.

---

In the past i tried to mitm my blackberry connection through some software
for ssl mitm, and my surprise was that the data encrypted with SSL is also
encrypted with another algorithm into.

But, how a "mechanism for connections" could be transformed in "software
installer"?


Regards.
Aaron.

;-)

-----Original Message-----
From: Aarón Mizrachi <unmanarc () gmail com>

Date: Tue, 28 Jul 2009 23:45:47
To: Joseph Williams<joseph.s.williams () gmail com>
Subject: Re: how do you secure a blackberry

On Martes 28 Julio 2009 13:17:45 usted escribió:

This isn't true. Through "Service Books" a provider can basically push
anything software they want to the device.

Joe


how?.

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Aarón Mizrachi
Sent: Tuesday, July 28, 2009 1:26 AM
To: Shawn Merdinger
Cc: security-basics () securityfocus com; enquiries () globalart4u com
Subject: Re: how do you secure a blackberry

On Lunes 27 Julio 2009 15:38:20 Shawn Merdinger escribió:

Hi Aarón,

On Wed, Jul 22, 2009 at 1:55 PM, Aarón Mizrachi<unmanarc () gmail com>


wrote:

The answer:
deciding not to install the update.


I don't think it is that simple if the service provider is pushing
down software and controls the update process.  For the user to
decide not to install the update, the user must be presented with a
choice. If the install is done silently over the network in the
background, then there is no choice for the user.


cheers, i don't really had a time to take a look in deep on this


specific

case.

I'm talking the "generic". Usually, the blackberry handheld device does
not came with an automatic update software owned by your "telephony
provider" or rim. Therefore and moreover, any update should be done by
hand.

Moreover, real software updates provided by RIM should be installed


using

the desktop manager application. Usually this is not an automatic


process

and sometimes requires your handheld password to be done.

I understand that you can download blackberry updates from rim websites
according to your provider, but the trust rely in RIM who publish this
software.

Cheers,
--scm


-- 
Ing. Aaron G. Mizrachi P.    

http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503
BBPIN: 0x 247066C1

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

how do you secure a blackberry Enquiries @ Globalart 4u (Jul 22)
- Re: how do you secure a blackberry Shawn Merdinger (Jul 22)
- Re: how do you secure a blackberry Jon Janego (Jul 27)
- Re: how do you secure a blackberry Aarón Mizrachi (Jul 27)
  - Re: how do you secure a blackberry Shawn Merdinger (Jul 27)
    - Re: how do you secure a blackberry Aarón Mizrachi (Jul 28)
    - RE: how do you secure a blackberry Joseph Williams (Jul 28)
    - RE: how do you secure a blackberry Steve Armstrong (Jul 29)
    - Message not available
    - Re: how do you secure a blackberry joseph . s . williams (Jul 29)
    - Message not available
    - RE: how do you secure a blackberry Joseph Williams (Jul 29)
    - Re: how do you secure a blackberry Aarón Mizrachi (Jul 29)
    - Re: how do you secure a blackberry Nicholas Harvey (Jul 29)
    - Re: how do you secure a blackberry Kurt Buff (Jul 29)
- RE: how do you secure a blackberry Ramki B Ramakrishnan (Jul 29)
  - Re: how do you secure a blackberry Shawn Merdinger (Jul 29)
    - RE: how do you secure a blackberry Ramki B Ramakrishnan (Jul 30)
- <Possible follow-ups>
- Re: how do you secure a blackberry Mayank Aggarwal (Jul 22)
  - Re: how do you secure a blackberry Andrew Kuriger (Jul 27)