Wired has a nice write up on Jesse D’Aguanno’s Blackberry trojan attack. I must admit I love attending Black Hat and Defcon conferences as it affords me the chance to sit and talk with the likes of Kevin Mitnick, GrandMaster Ratte and Jesse “X30n” D’Aguanno to name drop a few. Now, an interesting lunch time conversation has become all the buzz in the security space. Jesse,
has developed a hacking program that exploits the trust relationship between a BlackBerry and a company’s internal server to hijack a connection to the network. Because the data tunnel between the BlackBerry and the server is encrypted, intrusion detection systems at the perimeter of the network won’t detect the attack.
The technique is successful, D’Aguanno says, because most companies aren’t equipped to detect someone trying to deliver an exploit from inside the network. It also works because few companies view the BlackBerry as a plausible attack vector.
Having had this discussion with clients in the past I can safely say that he has hit this one right on the head. No one sees Blackberrys as a problem. All the while these are a perfectly plausible attack vector. Glad to see someone drag this one out into the light.
[tags]Blackberry Trojan, Hacker, Jesse D’Aguanno, x30n, Attack Vector[/tags]