BlackBerry Users At Risk
Attention all BlackBerry users! You are vulnerable to remote attacks by hackers.
It has been reported by Blackberry security advisory that it is possible for hackers to infiltrate BlackBerry Enterprise Server. Hackers can also run malicious code on BES which is used by many companies. These exploits are considered to be grave in nature.
According to BlackBerry security advisory:
Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server.Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.
The hacker can trick the user into visiting a webpage that carries out the attack or embeds a malicious code directly into an email or instant message. BlackBerry Enterprise Server is mainly involved in this method and it depends on how it handles TIFF image files which are being viewed by the BlackBerry user. According to some reports, these images/links do not even need to be clicked or an email to be viewed for the attack to begin.
The biggest concern is that through the attack, hackers might succeed into planting malicious code on BES which allows remote access to it. This would lead to information being stolen from your network. Hackers may also be able to crash or interrupt communications through this exploit.
BlackBerry phones are not the root cause of these attacks. BES used by companies is the vulnerable software here. Therefore, you do not need to throw your BlackBerry out.
There haven't been any reports on attacks being carried out on BlackBerry customers but we request our readers to update their phones as soon as possible before you become a victim and your personal information is stolen from you.
BlackBerry has published workarounds from the companies who may not succeed in updating their BES.
About the Author:
This article is written by Dr. Sindhia Javed Junejo. She is one the core members of RHA team.