Compromised BlackBerrys Could Steal Data

A researcher with Praetorian Global, a security company, has developed a game of tic-tac-toe that features malicious code—called BBProxy—that can be employed to hijack Research in Motion’s (RIM) uber-popular BlackBerrys, as well as other handhelds, and turn them into mechanisms for pilfering confidential information, BBC News reports.

Jesse D’Aguanno, the creator of the BBProxy code and the derivate game, plans to release the code to additional researchers this month, according to BBC News.

The concept of using code like D’Aguanno’s BBProxy has been named “blackjacking,” and it presents a potential threat to businesses because of the widespread popularity and usage of the devices for e-mail connectivity across corporations.

D’Aguanno showed off his code at the Black Hat hacker conference, BBC News reports. The researcher said the exploit could be particularly damaging to enterprises that use BlackBerrys because the devices are constantly kept activated and they’re powerful enough to run applications that are installed on them, according to BBC News.

Paul Henry of Secure Computing, another Web security firm, said in a statement, “A malicious person could potentially use this back channel to move around inside of an organization unabated and remove confidential information undetected or sue the back channel to install malware on the network,” according to BBC News.

RIM said the risk to users of its handheld was exaggerated by D’Aguanno and that programs from third parties can be run on corporate BlackBerrys only if network administrators grant specific permission, BBC News reports. The company also added security precautions and BlackBerry usage best practices on its site to help its users avoid falling victim to malicious ploys, according to BBC News.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.