Blackberry Theft Pentest

[Tom McCredie <tom () mccredie co>]

Hi,

The company I work for supply a large number of employees with a company
Blackberry - I have been tasked with the job of working on a kind of
disaster scenario involving a user's Blackberry being stolen/lost and the
information that could be recovered from it. They have a security policy
whereby the user has a minimum of a six digit password with a 10 attempts
before lockout (not sure if this is handset only or handset and email
account - probably handset only).

Obviously the main object of this scenario is to gain access to the users
corporate mail account / recover email password which is also the users
windows domain login to the corporate network :-/ (not my idea) and in most
cases I'm willing to bet these users will use the same password for
corporate VPN access as they are not all technically savvy.

Does anyone have any experience of this kind of test and/or any knowledge
about data recovery from Blackberry's?

Any input welcome

Mac

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com