BlackBerry open to attack, RIM warns users

Two recently announced vulnerabilities in BlackBerry Enterprise Server allow an attacker to prevent users from opening e-mail attachments or to disrupt the flow of information between BlackBerry Enterprise Server and BlackBerry Router, the system’s developer, Research In Motion Ltd. (RIM), said Tuesday.

The first vulnerability allows an attacker to use a corrupt TIFF image file to cause a heap overflow that stops users from viewing attachments, RIM said. The vulnerability was demonstrated on Dec. 30 at the 22nd Chaos Communication Conference in Berlin. That same day, the U.S. Computer Emergency Readiness Team (US-CERT) issued an advisory noting the existence of the vulnerability and referred users to RIM for remediation.

In a posting on its support Web site, RIM said it was aware of the vulnerability and will fix the problem in future releases of BlackBerry Enterprise Server. In the meantime, the company suggested that administrators use a workaround that blocks TIFF attachments.

Detailed information on the workaround is available at this Web site.

The second vulnerability was also demonstrated at the Chaos Communication Conference and noted by US-CERT. It is exploited by sending malformed protocol packets that cause a denial of service for all BlackBerry Enterprise Server communication. It normally applies only to internal users but can be exploited by an external attacker who is able to manipulate DNS (Domain Name System) queries, RIM said.

The company advised customers to ensure that the BlackBerry Enterprise Server and BlackBerry Router are behind a properly configured firewall to protect them from external attacks. It also advised companies to create static entries in their DNS or hosts tables for the BlackBerry Infrastructure to minimize the risk of DNS hijacking.

RIM has said it will eliminate this vulnerability in a future software release.

Additional information can be found at this Web site.
