What is it?
With the use of the BlackBerry Enterprise Server (BES), a BlackBerry becomes a virtual computer on the corporate network, able to access any resources the BES server can. Blackjacking refers to gaining unauthorised access to a corporate network by installing a backdoor program onto a user's BlackBerry.
How does it work?
The BlackBerry platform allows users to install third-party programs by an over-the-air process. A user need only click on a specially prepared link on a web page and confirm the installation, and the program will be added to the BlackBerry applications menu. An application called BBProxy has been created that can tunnel a connection from an external host through the BES server and into the corporate network, bypassing the perimeter firewall.
Should I be worried?
Anyone could potentially provide a malicious download to a BlackBerry user, with some social engineering to entice them to install it.
How can I prevent it?
The BES server should not be located on the internal network, but rather in a DMZ where it is firewalled from all services except those the BlackBerry clients should be allowed to access. The BES server policy can be changed to disallow third-party application downloads.
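The DMZ placement above only helps if the firewall restricts what the BES host itself may open into the internal network, since a BBProxy tunnel is carried on connections that originate from the BES host. The following nftables ruleset is an added illustration, not from the original page or from BlackBerry; the addresses, interface names and the "mail server on ports 135 and 443" allowance are constructed placeholders that an administrator would replace with the services their BES deployment actually needs.

```nft
#!/usr/sbin/nft -f
# Constructed example (assumptions, not from the page):
#   dmz0 = firewall interface facing the DMZ that holds the BES host
#   lan0 = firewall interface facing the internal network
define bes_host   = 192.0.2.10
define lan_net    = 10.0.0.0/8
define mail_srv   = 10.0.0.20          # the one internal server BES must reach
define mail_ports = { 135, 443 }       # placeholder ports; use what your mail server requires

flush ruleset

table inet bes_dmz {
    chain forward {
        # Default deny: anything not explicitly allowed below is dropped.
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were already permitted.
        ct state established,related accept

        # BES -> internal network: only the mail server, only on the agreed ports.
        iifname "dmz0" oifname "lan0" ip saddr $bes_host ip daddr $mail_srv tcp dport $mail_ports accept

        # Any other connection the BES host tries to open into the LAN (for example a
        # BBProxy tunnel probing internal hosts) is logged, then dropped by the policy.
        iifname "dmz0" oifname "lan0" ip saddr $bes_host ip daddr $lan_net log prefix "bes-dmz-deny: " drop

        # Internal administrators may reach the BES host on HTTPS (assumed management port).
        iifname "lan0" oifname "dmz0" ip daddr $bes_host tcp dport 443 accept
    }
}
```

The logged "bes-dmz-deny:" entries are worth forwarding to monitoring: a burst of denied connections from the BES host to many internal addresses is exactly the pattern a tunnelled scan through a compromised handset would produce.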