More BlackBerry image problems: RIM warns of BES security vulnerabilities

BlackBerryIf it weren’t enough finding themselves (rather unfairly in my point of view) in the firing line regarding how the BlackBerry Messaging service (BBM) was being used by British riotors, with calls for the service to be suspended, RIM now finds itself with a different kind of BlackBerry image problem.

RIM, the firm behind the popular BlackBerry smartphone, has issued a warning that a number of vulnerabilities have been found in its enterprise software (known as BlackBerry Enterprise Server, or BES).

According to RIM, if the vulnerabilities were exploited by remote hackers they could run malicious code on the BlackBerry Enterprise Server run by many firms.

Specificially, the problem is with the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent, and how they process PNG and TIFF images for rendering on the BlackBerry handheld devices.

In this particular case, the threat is that BlackBerry users could be tricked into clicking on a link or visit a boobytrapped webpage, taking them to a malformed image file.

It’s important to underline that these are not vulnerabilities in the BlackBerry smartphones themselves. Like other BlackBerry-related vulnerabilities we’ve seen in the past, the potential attack is against the BlackBerry Enterprise Server used by businesses.

The risk is that by exploiting the flaw, hackers might be able to plant malicious code on your BlackBerry Enterprise Server that opens a backdoor for remote access.

Depending on how your network infrastructure is set up – intruders might be able to see into other parts of your network and steal information.

Alternatively, the hackers’ code might cause your systems to crash – perhaps interrupting communications.

RIM has issued updates that resolve the vulnerabilities in versions of the BlackBerry Enterprise Server and the BlackBerry Enterprise Server Express. You can find out more on their website.



BlackBerry blog hacked after London riots

London riotsLondon and other cities in the United Kingdom have been hit by riots for the last few days.

Many of those responsible for the looting, arson and rioting which has hit British streets are believed to be teenagers, and the BlackBerry Messenger service (BBM for short) is believed to have played a key role in assisting rioters organise their activities.

Unlike systems like Twitter where messages are searchable by the public, BBM is a closed system which makes it easy for users to secretly send one-to-many messages to their contacts, instantly and with no cost.

Its low price compared to Android and iPhone smartphones and the BBM technology has helped make the BlackBerry a popular choice amongst British teenagers. According to Ofcom, an astonishing 37% of British teenagers have a BlackBerry.

So, maybe it’s no surprise that some people don’t like to read that RIM, the company behind BlackBerry, plans to assist the Metropolitan Police with their investigation or news reports that a BlackBerry messenger “curfew” may be introduced to interfere with rioting.

This afternoon, BlackBerry’s official blog was hacked, and a message posted by “TriCk – TeaMp0isoN”.

Defaced BlackBerry blog

Part of the message, which threatened to release details of RIM employees, reads:

Dear Rim;
You Will _NOT_ assist the UK Police because if u do innocent members of the public who were at the wrong place at the wrong time and owned a blackberry will get charged for no reason at all, the Police are looking to arrest as many people as possible to save themselves from embarrassment... if you do assist the police by giving them chat logs, gps locations, customer information & access to peoples BlackBerryMessengers you will regret it, we have access to your database which includes your employees information; e.g - Addresses, Names, Phone Numbers etc. - now if u assist the police, we _WILL_ make this information public and pass it onto rioters... do you really want a bunch of angry youths on your employees doorsteps? Think about it... and don’t think that the police will protect your employees, the police can’t protect themselves let alone protect others.... if you make the wrong choice your database will be made public, save yourself the embarrassment and make the right choice. don’t be a puppet..

p.s - we do not condone in innocent people being attacked in these riots nor do we condone in small businesses being looted, but we are all for the rioters that are engaging in attacks on the police and government... and before anyone says "the blackberry employees are innocent" no they are not! They are the ones that would be assisting the police

- TriCk - TeaMp0isoN -

It’s not clear at this point whether the hackers managed to post on BlackBerry’s blog because of a software vulnerability, or because one of their administrators had his password cracked.

Although there may be questions asked as to whether the British police have enough resources to control the rioters on London’s streets, the people who have hacked the BlackBerry blog might be wise to reminder themselves that the Metropolitan Police has just quadrupled the size of its cybercrime-fighting division.