Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE Dokumentacja Pobierz pdf (Strona 23)

Attack Surface Analysis of BlackBerry Devices

• Along with matching .jad file:

http://www.badsite.com/game.jad

• Attacker starts worm by sending an email to a BlackBerry user of the form:

From:

To: "Bob Brickhaus" <[email protected]>

Subject: Cool Game

Hey, check out this cool new game!

http://www.badsite.com/game.jad

• The user opens the .jad file, and is prompted to download and install the .cod file.

• The .cod file installs itself as a start-up process with no icon.

• The user thinks the download didn't work, and thinks nothing more of it.

• The next time the BlackBerry starts-up, the malicious code is executed.

• It enumerates the contact list, and forwards the email to everyone on the list.

• Those users open the email and the cycle continues.

Note that while this attack requires user interaction, it is not dissimilar to the level of interaction required

by successful PC based mass mailing worms such as W32.Beagle.A@mm

. Also if the .jad file in question

uses spoofed information as described in a previous section, it may encourage unwary users to run this

unsafe code.

Mitigation

You can set the following options to mitigate the attacks outlined above. See Mitigation Strategies for more

information.

Email Interception

IT Policy

Application Controls "Message Access" = Not Permitted

Device Firewall Block Incoming Messages > BlackBerry Internet Service = Ticked

Application Permissions User Data > Email = Deny

Other Device Settings

1 2 ... 18 19 20 21 22 23 24 25 26 27 28 ... 38 39

Brak uwag

Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE Dokumentacja Strona 23