IE 11 is not supported. For an optimal experience visit our site on another browser.

BlackBerry's armor has cracks, security experts say

Two pieces of spyware surfaced over past year, demonstrating that "malware" could be used to target BlackBerry devices or servers, and get around current security.
/ Source: Reuters

Research in Motion's resistance to giving governments access to its BlackBerry network misses a major point — authorities could probably hack the data on their own if they want it badly enough, security experts say.

Indeed, a major attack against BlackBerry users by a telecom in the United Arab Emirates employed that very tactic a year ago, according to RIM. Experts say other malicious programs are likely to be lurking around, readying to be sprung.

India, Lebanon, Saudi Arabia and the United Arab Emirates say they need RIM's cooperation so they can decode messages scrambled with BlackBerry's proprietary technology. They have threatened to restrict RIM's operations if the company won't meet their demands, which they say are driven by national security concerns.

But if RIM doesn't back down, the governments themselves could instead choose to hack into the BlackBerry network.

"I could design a good hundred ways to gain access," said Bruce Schneier, a security expert who is chief security technology officer for BT.

Officials with Canada's RIM did not respond to a request for comment.

Security experts say they'd almost certainly attack at the network's most vulnerable points: the BlackBerry smartphone itself and the BlackBerry server. Those two pieces of equipment sit at either end of the network where they offer would-be hackers access to unscrambled data.

Last year's attack in the UAE is a good example of how a hacker might work. It employed spyware created by SS8, a closely held U.S. security firm, RIM says.

Emirates Telecommunications Corp, the UAE's largest telecoms operator, sent the program to its BlackBerry disguised as a software update. It told its customers that the it would enhance the performance of their equipment, but RIM says it was mainly intended to tap into their communications.

The telecom declined comment at the time.

RIM said it quickly discovered the so-called "malware" because of a glitch in its implementation, and told users not to install it on their phones. But hackers might go undetected, experts say.

To prove the point, a security researcher named Tyler Shields released a spyware program earlier this year for attacking BlackBerrys via the handset. It allows hackers to intercept messages that reach the device and use its microphone to tap conversations in the immediate vicinity of the phone.

"I wanted to demonstrate that BlackBerry handhelds are susceptible to spyware," said Shields, who works for the Burlington, Mass.-based security firm Veracode Inc.

The program, dubbed TXSBBSpy, did not include installation software as Shields never intended it to be used. He only wanted to show the BlackBerry was not unhackable.

A successful attack on a Blackberry Enterprise Server could prove even more devastating because each server manages data for hundreds of users.

Hackers could write code to take advantage of vulnerabilities in the software that runs those servers, said Chet Wisniewski, senior security adviser at Sophos, anti-virus software maker. Such a program would allow outsiders to view messages from all the users hooked up to the computer via their handsets.