releasing the source code for their Blackberry Attack toolkit. (this is available here )
this toolkit enables anyone with sufficient knowledge to build malware into a simple utility, or worse into an attachment to an email message.
now most users these days are warned often and constantly about opening or following a link from an unknown source.
with the advent of mobile devices and units such as the blackberry, there is not that much caution regarding sensible web browsing, in a lot of cases your standard executive or office employee who is given a device such as a blackberry will not associate it as being the same as the computer, and even then,
a large number of the non-technical public (and many of the technical crowd) are still badly affected by spyware and malware on their home PC.
so the biggest risk to your corporate environment from an attempted Blackjacking attack will be via malicious code downloaded to the unit from a website.
the next and still very high risk is from utilities and games.
all it would take would be someone with malicious intent to create a utility or game that contains malware code within it.
then distribute the game, and wait for the individual units to let the author know they are ripe for the picking.
now, there are anti-virus solutions available out there, however I would be interested to know how they handle the following sorts of scenario:
- neat little utility is created, or addictive little game with good replayability.
- utility or game is completely free of malware, with only a little piece of code that asks the users permission to check for an update, or perhaps compare their highscore to others, or their friends.
- utility then checks for "update" update process provides author with address of the blackberry, and the fact that one has been updated along with downloading the new "patch" which contains more functionality.
- the first piece of functionality would be that which the user would like
- the second is the nasty piece of code opening your network to the attacker.
- once this has been done, the attacker could pick and choose who and where they would attack, including small, next to undetectable probes to find the easiest or perhaps best targets.
Other related posts:
iPhone Rates and Plans with Vodafone
Apple, Apple, Apple. whats going on Steve? don't like my signature?
The best web based iPhone app yet! Scenario Poker for the iPhone.