Research in Motion has sought to downplay the threat of the BBproxy programme, saying that such exploits are possible on any mobile device and denying that it was an architectural problem with the BlackBerry system.
When asked whether enterprises could guard against the attack, Scott Totzke, director of the global security group at RIM, said that the BlackBerry Enterprise Server was already equipped to handle threats. “Absolutely. That’s what these tools are there for,” he told Mobile Europe sister site www.communications-news.com.
Totzke said that BES contained 255 rules through which administrators could define IT policy and application control.
A white list could be set up to allow only specific third-party applications, he said.
Privileges can also be established by user and/or application, including defining network access. RIM further encourages businesses to segment networks to reduce the damage that a hacker could inflict.
RIM was reacting to news of a software program written by security researcher Jesse D’Aguanno which exploits the trust between a BlackBerry and the network to open a route into corporate resources. He says he will release the program in the next few days.
“Because it’s a handheld device, most people don’t think it’s something that can actually harm the rest of your internal network,” D’Aguanno told wired.com.
“But a BlackBerry is a code-running machine that’s always-on and always connected to your internal network and has direct access to whatever you give it access to. Most company architectures allow it unfettered access to everything on the internal network.”
RIM has publicly reacted to the promised release of D’Aguanno’s software by publishing two documents advising network managers how to protect their networks against malware threats.