BBC NEWS / TECHNOLOGY
Wednesday, 9 August 2006, 10:40 GMT 11:40 UK

Hijacked handheld turns data spy

A booby-trapped game of noughts and crosses has been used to show how a Blackberry can be hijacked to steal confidential data.

Created by a security researcher, the game contains malicious code that turns the popular mobile e-mail device into a backdoor into corporate networks.

Dubbed "blackjacking", the technique is thought to be the first to try to take advantage of the Blackberry.

The creator of the hijack code intends to release it publicly in mid-August.

Download danger

The Blackberry handheld has become hugely popular in the business world as it gives staff access to their work e-mail account while they are out and about. In July 2006 Research In Motion, the makers of the Blackberry, said it had more than 5.5 million subscribers.

The method of using a Blackberry to penetrate corporate networks was demonstrated at the Black Hat hacker conference by researcher Jesse D'Aguanno of security firm Praetorian Global.

Mr D'Aguanno said the Blackberry was a good choice for penetrating business networks because the gadgets were always switched on, stayed connected to a company and were so powerful that they could run programs installed on them.

By tricking someone into downloading and installing the booby-trapped game, perhaps via e-mail, Mr D'Aguanno demonstrated how the Blackberry can become a secret route that takes attackers behind firewalls and defeats security measures.

"A malicious person could potentially use this back channel to move around inside of an organization unabated and remove confidential information undetected or use the back channel to install malware on the network," said Paul Henry of Secure Computing in a statement.

Mr D'Aguanno said he would release his hijacking code, called BBProxy, to researchers.

Research In Motion (RIM) played down the threat from Mr D'Aguanno's work and said he made "several reaching assumptions" about how corporates use the Blackberry.

RIM said Blackberry handhelds could only run third-party programs, such as games sent to them via e-mail, if the permission is explicitly granted by network administrators. Access to wider corporate networks is typically limited too, it said.

RIM has also updated its security site to show users more secure ways of using the Blackberry handheld and how to avoid falling victim to trojans that hide malicious code.


