[转载]Blackberry security:Ripe for the picking
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])[b]Introduction[/b]
The Blackberry platform is developed by Research In Motion, a Canadian company based in Waterloo,
Ontario. Its main selling point is that it provides an integrated wireless messaging system, providing
corporate email access over cellular wireless networks throughout the world. Blackberry devices can
be used for telephony, SMS, email, and even web browsing.
While the Blackberry has a modest security framework, it is still susceptible to multiple attacks
including being used as a backdoor, thus allowing confidential data to be exported, and being used as
a proxy for attackers. Some of these attacks require applications to be digitally signed, while others
can be conducted without such a signature.
This document will present an analysis of the Blackberry device architecture and related application
attack scenarios. It will also distinguish what can be done with signed versus unsigned code.
This research is based on the Blackberry 7290SF with version 4.0 of the Blackberry Software, but
should be applicable to most modern Blackberry Models. This document does not discuss backend
Blackberry Enterprise Server (BES) software or vulnerabilities in the Blackberry device due to software,
hardware, or firmware bugs.
It's important to note that Blackberry devices are often significantly customized by network providers
and vendors before they are sold to users, and this customization can introduce additional attack vectors
not necessarily discussed in this document.
页:
[1]