Hi guys! Just thought you might want to check this out.
BlackBerry Corporate Architecture
The Blackberry is a mobile device that creates a direct connection to the corporate network. By doing so it becomes a virtual extension of the internal network, bypassing the corporate firewall.
Typical BlackBerry Functionality:
The Blackberry Enterprise Server (BES) creates an outbound persistent connection to the RIM network.
The Blackberry device is then virtually connected to the internal network and will remain in an always on, always connected state.
In the Blackberry architecture only the security of the data on the handheld itself is considered, and not the impact of the handheld on the rest of the network. Since Blackberries are essentially computers with a constant connection to the corporate LAN, and not treated like other remote access applications, a vulnerability in the system is exposed. This vulnerability is now primed to be exploited by code like
How It Works
The BBProxy exploit is installed to the device as a Trojan posing as a legitimate application. While the application is running, BBProxy runs in the background, creating an outbound socket connection from the device to the attacker-controlled host on the internet.
From the attacker-controlled host a subsequent socket connection is made to a second host, which also includes internal hosts. The Blackberry then acts as a proxy for all data transferred between hosts.
Now the attacker has the ability to directly communicate with any port on an internal host from an external host – Right through the Blackberry handheld.
Once connected, the connection is available to any exploit within the corporate network. This leads to exploitation of vulnerable services found behind the corporate firewall.
Here is the link http://www.smobilesystems.com/homepa....jsp?lang=null
Here is the OTA link www.smobilesystems.com/mobile
Cool, thanks will read more about it.
You are welcome!
A fool always finds a greater fool to admire him. Fools admire, but men of sense approve.
Thanks for sharing!
If you are a BES admin, it would be better to polish the skills with the IT Policy that is provided by RIM. This can lock down a BB device as needed easily. Also, for the BES server have some firewall enabled to restrict incoming and outgoing ports and destinations. Treat the BES as a public interface when designing your security model and you will be fine. I feel that software like this is unnecessary. The company is grasping at straws a marketing angle to induce fear, uncertainty and doubt. Read about the key points of this software and ask yourself, "do I really need this? What is my risk?" Now read up on that BB IT Policy.
Thanks for posting this topic as it can lead to good discussion.
I installed the SMobile VirusGuard and it seems to run smoothly on the device, however, it does not seem to protect the device from anything beyond the conceptual BBProxy exploit, and I am not sure if it does that effectively.
I contacted the people at Smobile, and they first confirmed that there seems to be a problem with the software. Then, they claimed that they were able to fix the problem and they could prove it on one of the devices, but they would not offer me any method of testing my device to confirm that the software is working. They have not responded to me since then.
I have gone so far as to install the EICAR test string on the device, where it happily resides with no problem. The string is detected only if I plug my device into a machine running a different anti-virus product. I have visited infected web pages using the handheld browser with not so much as a PEEP from the VirusGuard software.
I am not looking to trash Smobile systems. Rather, I am trying to see if perhaps I am testing it incorrectly, or if I have incorrect assumptions about how it should function.
Any help or advice you can offer would be greatly appreciated.
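Added example, not part of any post in this thread: one way to act on the advice above to treat the BES as a public interface is to check flow logs for connections that originate at the BES and fall outside a short allowlist. The addresses, the allowlist, port 3101 and the log format are constructed assumptions, as is the premise that traffic relayed through a handheld shows up on the LAN with the BES as its source.

```python
import csv
import io
import ipaddress

BES_HOST = "10.0.5.20"                # constructed address of the BES
ALLOWED = [                           # constructed policy: (network, allowed ports)
    ("203.0.113.0/24", {3101}),       # stand-in range for the RIM network; port is an assumption
    ("10.0.5.10/32", {135, 443}),     # stand-in for the mail server the BES must reach
]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flow log: time,src,dst,dport
SAMPLE = """\
09:00:01,10.0.5.20,203.0.113.7,3101
09:00:05,10.0.5.20,10.0.5.10,443
09:02:11,10.0.5.20,10.0.8.15,445
09:02:12,10.0.5.20,10.0.8.15,3389
09:02:14,10.0.5.20,10.0.9.2,22
09:03:00,10.0.7.33,10.0.8.15,445
09:04:40,10.0.5.20,198.51.100.9,80
"""

def parse_flows(text):
    rows = csv.reader(io.StringIO(text))
    return [{"time": t, "src": s, "dst": d, "dport": int(p)} for t, s, d, p in rows]

def is_allowed(dst, dport):
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) and dport in ports
               for net, ports in ALLOWED)

def bes_violations(flows):
    """Flows that originate at the BES and fall outside the allowlist."""
    return [f for f in flows
            if f["src"] == BES_HOST and not is_allowed(f["dst"], f["dport"])]

def internal_fanout(violations):
    """Map each internal destination to the disallowed ports the BES reached."""
    out = {}
    for f in violations:
        if ipaddress.ip_address(f["dst"]) in INTERNAL:
            out.setdefault(f["dst"], set()).add(f["dport"])
    return out

if __name__ == "__main__":
    bad = bes_violations(parse_flows(SAMPLE))
    for f in bad:
        print("ALERT", f["time"], f["dst"], f["dport"])
    print(internal_fanout(bad))
```

The same allowlist can be enforced as firewall rules on the BES segment, with this check run over the deny log to show which internal hosts and ports were being reached.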