Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE Spécifications

WHITE PAPER: SYMANTEC SECURITY RESPONSEAttack SurfaceAnalysis ofBlackBerry DevicesJames O’ConnorSymantec Security Response, Ireland

Attack Surface Analysis of BlackBerry DevicesDevice FirewallFirewall options can be set on the BlackBerry by going to the following menu:Options >

Attack Surface Analysis of BlackBerry DevicesIT PolicySource: Protecting the BlackBerry device platform against malware.9Application Control PolicyPol

Attack Surface Analysis of BlackBerry DevicesApplication Control Policy (continued)Source: Protecting the BlackBerry device platform against malware.9

Attack Surface Analysis of BlackBerry DevicesApplication PermissionsSee the section titled "BIS Deployment" for information on how to setup

Attack Surface Analysis of BlackBerry DevicesLegend:F: Firewall A: Application Control/Permissions I: IT Policy O: Other Device SettingsAll but one of

Attack Surface Analysis of BlackBerry Devicesexhibit similar behavior.18Typically however the screen which presents the contents of the .jad file is o

Attack Surface Analysis of BlackBerry DevicesBlackBerry Persistence Model• Proprietary• Application needs to be signed• Can store any object that impl

Attack Surface Analysis of BlackBerry Devicesthey may not pose a risk to the BlackBerry itself, they may infect other computers that the BlackBerry is

Attack Surface Analysis of BlackBerry DevicesAuto start-up and Background processesSigned applications can start themselves automatically whenever the

Attack Surface Analysis of BlackBerry Devices• User downloads and runs an application (e.g. game with "post my high-score online" option).•

Attack Surface Analysis of BlackBerry DevicesSMS BackdoorA signed malicious application could use SMS as a command and control channel for a backdoor.

Attack Surface Analysis of BlackBerry DevicesBluetoothThe BlackBerry Pearl 8100 has increased Bluetooth support compared to some of its predecessors.

Attack Surface Analysis of BlackBerry DevicesMitigationYou can set the following options to mitigate the attacks outlined above. See Mitigation Strate

Attack Surface Analysis of BlackBerry Devices• Along with matching .jad file:http://www.badsite.com/game.jad• Attacker starts worm by sending an email

Attack Surface Analysis of BlackBerry DevicesBackdoorWormPIM Data (Personal Information Manager Data)The PIM Database stores Contacts, Events, and To-

Attack Surface Analysis of BlackBerry DevicesData TheftA malicious signed application could read all the PIM data (including that mentioned in the tab

Attack Surface Analysis of BlackBerry Devicesattacker may be able to obtain another BlackBerry SIM from the same network provider, which uses thesame

Attack Surface Analysis of BlackBerry DevicesBackdoorA malicious application could establish a connection to the attacker, and then accept commands th

Attack Surface Analysis of BlackBerry DevicesProxy/Firewall BypassBackdoorPort ScanHTTP / WAPThe BlackBerry supports HTTP and WAP connections via the

Attack Surface Analysis of BlackBerry DevicesApplication sends:http://www.badsite.com/whatnow?Web site returns:COMMAND=DELETE_ALL EMAILCOMMAND=FORWARD

White Paper: Symantec Security ResponseContentsIntroduction...

Attack Surface Analysis of BlackBerry DevicesBackdoorHTTP ProxyTelephonyThe telephony API net.rim.blackberry.api.phone cannot be utilized by unsigned

Attack Surface Analysis of BlackBerry DevicesSigned applications can also invoke the phone application that comes with the BlackBerry to initiate phon

Attack Surface Analysis of BlackBerry DevicesPhoneCall.getDTMFTones() method to retrieve the string of tones entered by the user and hence their PINco

Attack Surface Analysis of BlackBerry DevicesCall Record Monitoring / Bypassing Caller Verification Systems / Telephony Data Theft / Premium Rate Call

Attack Surface Analysis of BlackBerry Devicesinteraction to succeed. However protection via user judgement cannot be overestimated, as it has beenprov

Attack Surface Analysis of BlackBerry DevicesAppendix AThe table below illustrates which features of the BlackBerry API require code signing, which ca

Attack Surface Analysis of BlackBerry DevicesReferences1 BlackBerry Java Development Environment Version 4.2.0 Fundamentals Guide, RIM.http://www.blac

Attack Surface Analysis of BlackBerry Devices21 Connected Limited Device Configuration 1.1 (CLDC) Specification, Java Community Process.http://jcp.org

About SymantecSymantec is the global leaderin information security, providinga broad range of software,appliances, and services designedto help indivi

White Paper: Symantec Security ResponseWorm...

Attack Surface Analysis of BlackBerry DevicesIntroductionThe BlackBerry device and supporting platform are developed by Research In Motion (RIM), a Ca

Attack Surface Analysis of BlackBerry Devicestion may result in behavior different to that outlined in this document.This document touches on the role

Attack Surface Analysis of BlackBerry DevicesBlackBerry using thejavaloader utility, but when the user attempts to execute it, they get an error such

Attack Surface Analysis of BlackBerry DevicesIt's worth mentioning that the signing keys are encrypted on the host by default, and the user must

Attack Surface Analysis of BlackBerry DevicesSource: Manual inspection of the BlackBerry device.9Permission Default Value (BIS) Allowable valuesConnec