Blackjacking not biggest threat to BlackBerrys
Market leading IT security company NTA Monitor has identified key security issues facing companies whose staff use a BlackBerry and is urging them not to take their eye off the ball and concentrate solely on the so-called 'blackjacking' threat. Recent testing by NTA has found that the danger posed by BlackBerry hijacking, 'blackjacking', is minimal compared to the real threats that lie in a lack of security closer to home, such as losing a BlackBerry that isn't password protected.
Although blackjacking can offer some unique attack methods, it generally poses no greater threat than a normal Trojan being emailed to somebody's desktop PC. Whilst a BlackBerry allows a person direct access to their email, in most cases an attacker would have to send a link that directs the user to a malicious website, as BlackBerrys are normally configured not to allow software to be installed via email attachments.
NTA has found that many BlackBerry users don't password protect their devices and that the BlackBerry architecture can be insecure if no firewalls are used to separate the BlackBerry server from the internal network. BlackBerry servers are also often left in a default state, with no limitation given to what software can be installed or whether intranets can be accessed.
NTA's Technical Director Roy Hills says: "Taking the time to securely configure BlackBerry servers is essential; many companies do not define what functionalities these servers permit BlackBerry devices to have and they are usually left in a default state. Many of these same companies would find it inconceivable to have this approach towards mobile laptop users. There is a lot of confusion about BlackBerry security and we are concerned that companies may focus their security efforts in the wrong area to disastrous effect."
This article was first released on: 17th October 2007