Saturday, March 28, 2009

Protecting the BlackBerry smartphone and BlackBerry Enterprise Server against malware

Third-party software that is designed to disrupt or damage computer systems, or to steal the data they hold, is collectively known as malware. Common types include the following:

  • Viruses - they replicate themselves by attaching to legitimate applications on a computer.
  • Trojan horses - they are disguised as, or embedded within, legitimate applications. Trojan horse applications operate by convincing the user to take some action rather than by exploiting flaws in the security design or configuration of the target computer.
  • Worms - they replicate themselves to spread across networks and potentially overwhelm computer systems. A worm is self-contained and does not need to be part of another program to propagate itself.
  • Spyware - this is designed to log user activities and personal data and send it back to the attacker.

Malware may also target BlackBerry smartphones. Attackers may use it to do one or more of the following:

  • steal personal and corporate data
  • mount a denial of service (DoS) attack that makes a corporate network unusable
  • use corporate BlackBerry smartphones as a path into the corporate network

Description

A presentation by Jesse D'Aguanno, a consultant with Praetorian Global, demonstrated how a BlackBerry smartphone user can download a Trojan horse application onto the BlackBerry smartphone. Malware attacks such as these are possible on any unsecured device, including a computer, smartphone, or personal digital assistant (PDA).

If the BlackBerry Enterprise Solution security controls have not been configured to restrict third-party applications on the BlackBerry smartphone, a Trojan horse that the user runs on the smartphone may gain access to systems on the internal network.

Note: Some Internet coverage of Jesse D'Aguanno's malware demonstration inaccurately reports that a malicious user can initiate the attack by sending the Trojan horse application to a BlackBerry smartphone user as an email attachment. The BlackBerry Attachment Service is designed to prevent malicious applications from reaching data on the BlackBerry smartphone: it opens attachments on the server using binary format parsing and prepares the result for delivery to the smartphone, and the smartphone does not run an application that arrives as an email attachment. An email attachment therefore cannot be used to deliver a Trojan horse application to a BlackBerry smartphone user.

Troubleshooting

Whether a BlackBerry Enterprise Server administrator pushes trusted third-party applications to BlackBerry smartphones or permits BlackBerry smartphone users to download third-party applications freely, BlackBerry smartphones are designed to prevent attackers from using malware to reach a corporate network or the smartphones themselves in the following ways:

  • When a user tries to download an application of any kind, by default the BlackBerry smartphone first downloads a small portion of the application, computes its hash, and verifies whether the application is permitted on the BlackBerry smartphone before installing it.
  • In BlackBerry Manager, BlackBerry Enterprise Server administrators set IT policies and Application Control Policies to control the manual or automatic installation of third-party applications on BlackBerry smartphones. Administrators also use these policies to control which of the organization's BlackBerry smartphone resources and applications a third-party application may access.
  • Administrators can also distribute the BlackBerry Enterprise Server across multiple network segments by installing each component on a separate computer and placing each computer in its own network segment.

Using IT Policy and Application Control Policy Rules

The BlackBerry Enterprise Server provides IT policy and Application Control Policy rules to control third-party applications using the following methods:

  • Preventing BlackBerry smartphones from downloading any third-party applications over the wireless network.
  • Either requiring or preventing the installation of specific third-party applications.
  • Controlling the permissions of third-party applications that exist on BlackBerry smartphones.

Note: The default is permissive. BlackBerry smartphones can install any third-party application until the BlackBerry Enterprise Server administrator applies one or more of these methods, so an organization that needs to restrict third-party code must set these rules explicitly rather than rely on the shipped configuration.
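
As an added illustration, not code from the original article or from the BlackBerry Enterprise Server itself, the following Python models how the three rule types above (blocking wireless downloads, requiring or preventing specific applications, and restricting application permissions) combine into an install decision and a resource-access decision, and why the permissive default matters. The rule names, the use of SHA-256 as the application hash, the resource names and the sample application bytes are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Resources a third-party application might request. Names are illustrative,
# not the BlackBerry Enterprise Server's own permission identifiers.
RESOURCES = {"internal_connections", "external_connections", "email", "pim"}


@dataclass
class Policy:
    """Illustrative model of a combined IT policy and Application Control Policy."""
    # IT policy rule: block all third-party downloads over the wireless network.
    disallow_wireless_downloads: bool = False
    # Application control: hashes of applications that are required or prevented.
    required: Set[str] = field(default_factory=set)
    prevented: Set[str] = field(default_factory=set)
    # Application control: per-application resource grants, keyed by hash.
    # An application with no entry falls back to default_resources.
    resources: Dict[str, Set[str]] = field(default_factory=dict)
    # The article notes that until an administrator sets rules, everything is
    # permitted. These defaults reproduce that posture.
    default_install: bool = True
    default_resources: Set[str] = field(default_factory=lambda: set(RESOURCES))


def app_hash(cod_bytes: bytes) -> str:
    """Identify an application by a hash of its bytes (SHA-256 is an assumption)."""
    return hashlib.sha256(cod_bytes).hexdigest()


def install_decision(policy: Policy, cod_bytes: bytes,
                     over_wireless: bool = True) -> Tuple[bool, str]:
    """Decide whether the application may be installed and say which rule applied."""
    h = app_hash(cod_bytes)
    if h in policy.prevented:
        return False, "prevented by application control policy"
    if h in policy.required:
        # Required applications are pushed by the administrator, so the
        # wireless-download rule does not stop them.
        return True, "required by application control policy"
    if over_wireless and policy.disallow_wireless_downloads:
        return False, "wireless third-party downloads disabled by IT policy"
    if policy.default_install:
        return True, "no rule matched; default is to permit"
    return False, "no rule matched; default is to deny"


def may_access(policy: Policy, cod_bytes: bytes, resource: str) -> bool:
    """Check whether an installed application may use a smartphone resource."""
    granted = policy.resources.get(app_hash(cod_bytes), policy.default_resources)
    return resource in granted


# Constructed sample "applications": arbitrary bytes standing in for .cod files.
TRUSTED_APP = b"constructed bytes of an approved corporate application"
TROJAN_APP = b"constructed bytes of a trojan horse the user fetched from the web"

# Shipped configuration: nothing restricted.
DEFAULT_POLICY = Policy()

# Hardened configuration: push the approved application, block wireless
# downloads, deny everything unlisted, and grant only the resources needed.
HARDENED_POLICY = Policy(
    disallow_wireless_downloads=True,
    required={app_hash(TRUSTED_APP)},
    resources={app_hash(TRUSTED_APP): {"email", "pim"}},
    default_install=False,
    default_resources=set(),
)


def trojan_reaches_internal_network(policy: Policy) -> bool:
    """The scenario in the article: does a downloaded Trojan horse both install
    and obtain internal-network access under this policy?"""
    installed, _ = install_decision(policy, TROJAN_APP)
    return installed and may_access(policy, TROJAN_APP, "internal_connections")


if __name__ == "__main__":
    for name, pol in (("default", DEFAULT_POLICY), ("hardened", HARDENED_POLICY)):
        ok, why = install_decision(pol, TROJAN_APP)
        print(f"{name}: trojan install {'allowed' if ok else 'denied'} ({why}); "
              f"internal network reachable: {trojan_reaches_internal_network(pol)}")
```

Under the default policy the Trojan horse installs and may open internal connections; under the hardened policy it is refused at the wireless-download rule and, even if it were installed by other means, would have no resource grants. The approved application still installs because it is pushed as required, and it is limited to the resources the administrator listed.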

Using Segmented Network Architecture

Placing the BlackBerry Enterprise Solution components in a segmented network architecture, with each component installed on a separate computer in its own segment, is an option designed to keep an attack on one component from spreading to other computers within the LAN. In a segmented network, an attack that compromises one component is isolated and contained on that computer.