What is it?

With the use of the BlackBerry Enterprise Server (BES), a BlackBerry becomes a virtual computer on the corporate network, able to access any resources the BES server can. Blackjacking refers to gaining unauthorised access to a corporate network by installing a backdoor program onto a user's BlackBerry.

How does it work?

The BlackBerry platform allows users to install third-party programs by an over-the-air process. A user need only click on a specially prepared link on a web page and confirm the installation, and the program will be added to the BlackBerry applications menu. An application called BBProxy has been created that can tunnel a connection from an external host through the BES server and into the corporate network, bypassing the perimeter firewall.

Should I be worried?

Anyone could potentially provide a malicious download to a BlackBerry user, with some social engineering to entice them to install it.

How can I prevent it?

The BES server should not be located on the internal network, but rather in a DMZ where it is firewalled from all services except those the BlackBerry clients should be allowed to access. The BES server policy can be changed to disallow third-party application downloads.
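One defender-side check that follows from the placement advice above, as an added example that is not part of the original page: once the BES sits in a DMZ with a known, short list of internal services it may reach, any connection it opens to some other internal host or port is a sign of BBProxy-style pivoting. The log format, addresses and allowlist below are constructed assumptions, not a real BES or firewall format.

```python
from ipaddress import ip_address, ip_network
from typing import List, Set, Tuple

# Assumed layout (constructed values): the BES host in the DMZ, the internal
# range, and the only internal services the BES legitimately needs
# (here a mail server on RPC/135 and HTTPS/443).
BES_HOST = ip_address("10.1.5.20")
INTERNAL_NET = ip_network("10.0.0.0/16")
ALLOWED: Set[Tuple[str, int]] = {("10.0.0.15", 135), ("10.0.0.15", 443)}

# Constructed sample firewall log: "timestamp src dst dport proto action".
SAMPLE_LOG = """\
2007-01-10T09:12:01 10.1.5.20 10.0.0.15 443 tcp ALLOW
2007-01-10T09:12:03 10.1.5.20 10.0.0.15 135 tcp ALLOW
2007-01-10T09:12:07 10.1.5.20 10.0.0.42 445 tcp ALLOW
2007-01-10T09:12:09 10.1.5.20 10.0.0.42 3389 tcp ALLOW
2007-01-10T09:12:10 10.1.5.20 10.0.7.9 22 tcp DENY
2007-01-10T09:13:00 10.1.5.30 10.0.0.15 443 tcp ALLOW
"""


def parse_line(line: str) -> dict:
    """Split one log line of the assumed format into a record."""
    ts, src, dst, dport, proto, action = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
            "proto": proto, "action": action}


def find_pivot_attempts(log_text: str, bes_host=BES_HOST,
                        allowed=ALLOWED) -> List[dict]:
    """Return every connection from the BES host into the internal network
    whose (destination, port) is not on the allowlist. Denied attempts are
    reported too: a properly confined BES should never even try them."""
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if ip_address(rec["src"]) != bes_host:
            continue  # only the BES's own outbound traffic matters here
        if ip_address(rec["dst"]) not in INTERNAL_NET:
            continue  # traffic leaving towards the Internet is out of scope
        if (rec["dst"], rec["dport"]) in allowed:
            continue  # expected mail/PIM traffic
        rec["reason"] = "BES reaching non-allowlisted internal service"
        alerts.append(rec)
    return alerts


if __name__ == "__main__":
    for a in find_pivot_attempts(SAMPLE_LOG):
        print(f'{a["ts"]} {a["dst"]}:{a["dport"]} {a["action"]} - {a["reason"]}')
```

The ALLOW hits matter most: they show the DMZ firewall is not actually restricting the BES as the policy above requires.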