发新话题
打印

[转载]Blackberry security:Ripe for the picking

[转载]Blackberry security:Ripe for the picking

信息来源:邪恶八进制信息安全团队(www.eviloctal.com

Introduction
The Blackberry platform is developed by Research In Motion, a Canadian company based in Waterloo,
Ontario. Its main selling point is that it provides an integrated wireless messaging system, providing
corporate email access over cellular wireless networks throughout the world. Blackberry devices can
be used for telephony, SMS, email, and even web browsing.
While the Blackberry has a modest security framework, it is still susceptible to multiple attacks
including being used as a backdoor, thus allowing confidential data to be exported, and being used as
a proxy for attackers. Some of these attacks require applications to be digitally signed, while others
can be conducted without such a signature.
This document will present an analysis of the Blackberry device architecture and related application
attack scenarios. It will also distinguish what can be done with signed versus unsigned code.
This research is based on the Blackberry 7290SF with version 4.0 of the Blackberry Software, but
should be applicable to most modern Blackberry Models. This document does not discuss backend
Blackberry Enterprise Server (BES) software or vulnerabilities in the Blackberry device due to software,
hardware, or firmware bugs.
It's important to note that Blackberry devices are often significantly customized by network providers
and vendors before they are sold to users, and this customization can introduce additional attack vectors
not necessarily discussed in this document.

附件

Blackberry security:Ripe for the picking.rar (107 KB)

2008-3-26 00:34, 下载次数: 889

曾几何时,有人对我说:装B遭雷劈。我说:去你妈的。于是,这个人又对我说:如果再说脏话,上帝会惩罚你的。我说:我操上帝。结论:彪悍的人生不需要上帝。

TOP

发新话题