BlackBerry Proof-Of-Concept: Facts and Fiction

I know we’ve covered this somewhat, and with a new whitepaper out by the Juniper Networks/SMobile Systems from their Global Threat Center, I decided to bring the paper to you, outlining what’s important and what you need to know. Why does it apply to you? It’s just always good to know what to be wary of, such as…

SMobile Systems are the creative force behind the SMobile Systems Security Shield, and were acquired by the Juniper Networks. The whitepaper was the presentation that the Global Threat Center gave at the Hacker Halted Conference. This whitepaper is the latest in their information about security for mobile. Here’s some of the information you’ll read:

It asks if you would run your pc without an antivirus of some sort. It goes into details such as in 2012 it’s projected that 65% of phones will be smartphones. And online banking on mobile has already hit 1 million by Bank Of America alone. Enterprises have voiced that one of their main concerns as a challenge is mobile security with a 41%.

Some of the facts about BlackBerry is that there a very few known vulnerabilities, transport data is encrypted, and there’s no remote installation without user permission.

However, a device can be lost, and if there’s an app downloaded that allows the device to be controlled remotely, then the person on the other end has access to the data on the phone. The paper brings up the example of the Etisilat software “update”.

Let us not forget the common commercial spyware. People are willing to spend $50 to $400 on such type of software. This type of spyware can give you access to all kinds of information off someone’s phone. But here’s the truth of the matter. It must be installed. Therefore, if someone you know has access to your phone and installs it (such as a worried spouse or significant other) or you are sent an app and install it in good faith without knowing what you’re installing.

So what is spyware? If the application icon is hidden, if the user doesn’t have information about an app’s activity, and the user didn’t provide consent for the app’s installation. What is remote monitoring? The app has a visible icon, the user can control and monitor the operation, and users agree on certain invasion of their privacy.

The paper gives examples of phishing, spyware, and trojans and how a hacker can use them.

I like the advice at the end about enabling your native firewall on your BlackBerry device, using encryption, setting the device password, and not to let others use your phone. As technology advances, so should our knowledge and how we use technology and safeguard our information.

The best advice aside of password protecting your phone is also to not download everything you are sent or see, before checking out the app and finding out if it’s from a reliable source. Even enterprise, as in the Etisalat incident are not immune. I recommend using a security application for your BlackBerry to protect it, but if you choose not to do so, at least be on guard.

You can read the whitepaper in it’s entirety from the SMobile Systems/Juniper Networks Global Theat Center here

You can also keep up to date on the latest mobile threats at the Global Threat Center here

SMobile Security Shield is available for various mobile devices, as well as the BlackBerry. You can find the product for an annual subscription of $29.99 here.

Filed in: BlackBerry, Security, Software | Tags: BlackBerry, Global Threat Center, Juniper Networks, Proof-Of-Concept, Security, Security Shield, SMobile Systems