If you receive an email on your corporate BlackBerry that contains a picture, be careful — the image may be a cover for a sneaky online attack.
BlackBerry has issued an advisory warning of vulnerabilities in its BlackBerry Enterprise Server (BES) that an attacker could exploit with a specially crafted image to remotely take control of the BlackBerry devices linked to a company's server.
(While private BlackBerry consumers receive email directly from Research in Motion's servers, corporate users receive email through their company's BES, which is where the vulnerable image processing happens.)
The vulnerabilities exist in the way the BES processes PNG and TIFF images for display on BlackBerry smartphones. To exploit them, BlackBerry said an attacker "would need to create a specially crafted Web page and then persuade the BlackBerry smartphone user to click a link to that Web page. The attacker could provide the link to the user in an email or instant message."
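The advisory does not say which part of the PNG or TIFF handling is at fault, and the example below is not BlackBerry's code or its patch. It is an added illustration of the kind of structural check a mail gateway can run on a PNG before any image decoder touches it: it walks the chunk list and rejects files whose declared chunk lengths run past the end of the buffer, whose CRCs do not match, or whose IHDR dimensions are large enough to overflow a decoder's buffer-size arithmetic. The `MAX_DIMENSION` limit is an assumed policy value, not a figure from the advisory, and the sample images are constructed inline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LEN = 2**31 - 1   # upper bound the PNG specification allows for a chunk length
MAX_DIMENSION = 16384       # assumed gateway policy limit; not from the BlackBerry advisory


def validate_png(data: bytes):
    """Return (ok, reason). Refuse anything an image decoder should never be handed:
    bad signature, chunk lengths that overrun the buffer, CRC mismatches,
    a missing or malformed IHDR, absurd dimensions, or data after IEND."""
    if not data.startswith(PNG_SIGNATURE):
        return False, "bad PNG signature"
    pos = len(PNG_SIGNATURE)
    seen_ihdr = seen_iend = False
    while pos < len(data):
        if len(data) - pos < 12:            # length(4) + type(4) + crc(4) minimum
            return False, f"truncated chunk header at offset {pos}"
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if not all(65 <= b <= 90 or 97 <= b <= 122 for b in ctype):
            return False, f"non-alphabetic chunk type {ctype!r}"
        if length > MAX_CHUNK_LEN:
            return False, f"chunk {ctype!r} length {length} exceeds spec maximum"
        if pos + 12 + length > len(data):   # the classic overflow trigger: length field lies
            return False, f"chunk {ctype!r} length {length} runs past end of file"
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            return False, f"CRC mismatch in chunk {ctype!r}"
        if not seen_ihdr:
            if ctype != b"IHDR" or length != 13:
                return False, "first chunk must be a 13-byte IHDR"
            width, height = struct.unpack(">II", body[:8])
            # Decoders compute width * height * bytes-per-pixel; huge values overflow that.
            if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
                return False, f"IHDR dimensions {width}x{height} outside policy limit"
            seen_ihdr = True
        elif ctype == b"IEND":
            seen_iend = True
            pos += 12 + length
            break
        pos += 12 + length
    if not seen_iend:
        return False, "missing IEND chunk"
    if pos != len(data):
        return False, "trailing data after IEND"
    return True, "ok"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk with a correct CRC."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)


def build_png(width: int, height: int) -> bytes:
    """Constructed sample: a well-formed 8-bit RGB PNG of the given size, all pixels black."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))  # filter byte + row
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def forge_idat_length(png: bytes, declared_len: int) -> bytes:
    """Constructed attack sample: overwrite the IDAT length field so it claims far more
    data than the file holds. IDAT's length field sits at offset 8 + 12 + 13 = 33."""
    return png[:33] + struct.pack(">I", declared_len) + png[37:]


def forge_ihdr_dims(png: bytes, width: int, height: int) -> bytes:
    """Constructed attack sample: rewrite IHDR width/height with a valid CRC,
    as an attacker who controls the whole file would. IHDR body is bytes 16..29."""
    new_body = struct.pack(">II", width, height) + png[24:29]
    return png[:8] + _chunk(b"IHDR", new_body) + png[33:]


if __name__ == "__main__":
    good = build_png(4, 2)
    print(validate_png(good))
    print(validate_png(forge_idat_length(good, 0x7FFFFFFF)))
    print(validate_png(forge_ihdr_dims(good, 0xFFFFFFFF, 1)))
    print(validate_png(b"GIF89a" + b"\x00" * 16))
```

A check like this only enforces structure; it does not replace the vendor patch, because a file can be perfectly well-formed and still exercise a bug in the decoder. Its value is in refusing the crude oversized-length and oversized-dimension files before a vulnerable parser sees them, and in giving a gateway a logged reason for each rejection.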
Given the arsenal cybercriminals have to choose from, including spear phishing and social engineering, persuading a BlackBerry user to click a link to a page carrying such an image could, unfortunately, be quite easy.
BlackBerry has issued a patch for the vulnerabilities, but it is each company's responsibility to update its own server. Until that is done, BlackBerry is urging corporate smartphone users to disable images and rich content for smartphones so that the server is not asked to process the affected image formats.