Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE Dokumentacja Pobierz pdf (Strona 6)

Attack Surface Analysis of BlackBerry Devices

tion may result in behavior different to that outlined in this document.

This document touches on the role of backend BlackBerry Enterprise Server (BES) and BlackBerry Internet

Service (BIS) solutions, but does not go into detail about their deployment. This document also doesn’t dis-

cuss vulnerabilities in the BlackBerry device due to hardware, operating system or firmware bugs.

Architecture Overview

Operating System

While the BlackBerry utilizes a proprietary operating system, its third-party application framework is based

entirely on Java. The BlackBerry implements J2ME (MIDP2)

and CLDC

, as well as a number of RIM specif-

ic APIs

. Third party applications must be written in Java and can make use of RIM's custom classes in order

to obtain access to enhanced functionality. By default, unsigned applications have very limited access to

this enhance functionality. Applications must be signed by RIM in order to perform actions which are

deemed sensitive such as enumerating the Personal Information Manager or reading emails. Even signed

applications may require user permission to carry out sensitive actions such as initiating phone calls.

Applications targeted for BlackBerry devices are written in Java and then compiled into proprietary .cod

files. The java byte code is "pre-verified" as valid on the PC side (in accordance with J2ME standards) before

being compiled into a .cod file. It can then be transmitted to the BlackBerry for execution.

Pre-verification means that the class files are subjected to certain security checks, and then annotated to

show that these checks have been carried out

. When the JVM on the BlackBerry loads the class, it can read

this annotation, and hence perform its own verification and security checks much faster. Changes to these

annotations after pre-verification can be detected at runtime and the JVM runtime verifier will reject the

affected class files before they are executed

Code Signing

As previously mentioned, in order for an application to get full access to the API’s, the application must be

signed by RIM. In order to obtain signatures for their applications, developers must first fill out an online

form and pay a 100 USD fee to receive a developer key. RIM provides a signing tool that sends the SHA1

hash of the application to RIM. Once this hash is received by RIM they will in turn generate a signature. This

signature is then sent back to the developer and appended to the application.

When the signed .cod is loaded onto the BlackBerry, the Java Virtual Machine (JVM) links the .cod file with

the appropriate API libraries and verifies that the application has the required signatures.

If a required signature is missing, the JVM will either refuse to link the application, or calls to the controlled

API will fail at run-time with an error message. This can easily be seen by writing an unsigned application

that, for example, tries to access the phone API. The application will compile, and can be transferred to the

1 2 3 4 5 6 7 8 9 10 11 ... 38 39

Brak uwag

Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE Dokumentacja Strona 6