Security Architecture, Application security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

PoC trojan a new burden for BlackBerry devices

A security researcher has developed a proof-of-concept trojan that could hack into organizations that have BlackBerry servers behind their firewalls.

The trojan, called BBProxy by Secure Computing, can be installed on a BlackBerry mobile device or downloaded via email.

The malware can then open a hack back to the victim's network, meaning that malicious users could use the backdoor to access information from a network, according to Secure Computing.

Jesse D'Aguanno, consultant with Praetorian Global and the trojan's creator, said today that real world application of such malware is "not all that far-fetched."

"Most malware for portables or handhelds either exploit or uncover data on the handheld itself, while this exploits the trust relationship between the BlackBerry and the server itself," he said. "In some ways the security implications are quite low because (the malicious users) would have to have access to a device. Say it was sent in a link in an email, downloaded to the device, all the user would see is a tic-tac-toe game in the background."

Paul Henry, vice president of strategic accounts for Secure Computing, said this is the first time BlackBerries have encountered such malware that skips past encryption.

"Whenever you bring encryption into the equation, people tend to get very casual about looking at security the endpoint," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.