Security Hole Claimed for BlackBerrys

Iria · Jan 4, 2006, 12:48 AM

New research released over the weekend indicated that BlackBerrys -- the ubiquitous handheld devices favored by on-the-go types -- are vulnerable to a security hole that could let attackers break in to the gadgets by convincing users to open a specially crafted image file attached to an e-mail.

The information was released at the 22nd Chaos Communication Congress hacker convention in Berlin by this guy -- "FX" of the security research group Phenoelit.

Research in Motion Ltd., the Canadian company that makes the devices, said it is a previously reported issue "that has been escalated internally to our development team. No resolution time frame is currently available." RIM's advisory downplays the threat, saying that "a corrupt Tagged Image File Format (TIFF) file sent to a user may stop a user’s ability to view attachments. There is no impact on any other services (for example, sending and receiving messages, making phone calls, browsing the Internet, and running handheld applications to access a corporate network)."

RIM didn't mention anything about the flaw allowing attackers to download and execute programs on the targeted device, but I'm left wondering whether they escalated this because of just such a threat. I obviously didn't hear FX's talk, but an alert released over the weekend by US-CERT says remote code execution is possible.
__________
Read More / Source: Washington Post

Jan 4, 2006, 12:48 AM	#1
Iria DriverHeaven Extreme Member Join Date: Apr 2004 Posts: 7,275 Rep Power: 89	Security Hole Claimed for BlackBerrys New research released over the weekend indicated that BlackBerrys -- the ubiquitous handheld devices favored by on-the-go types -- are vulnerable to a security hole that could let attackers break in to the gadgets by convincing users to open a specially crafted image file attached to an e-mail. The information was released at the 22nd Chaos Communication Congress hacker convention in Berlin by this guy -- "FX" of the security research group Phenoelit. Research in Motion Ltd., the Canadian company that makes the devices, said it is a previously reported issue "that has been escalated internally to our development team. No resolution time frame is currently available." RIM's advisory downplays the threat, saying that "a corrupt Tagged Image File Format (TIFF) file sent to a user may stop a user’s ability to view attachments. There is no impact on any other services (for example, sending and receiving messages, making phone calls, browsing the Internet, and running handheld applications to access a corporate network)." RIM didn't mention anything about the flaw allowing attackers to download and execute programs on the targeted device, but I'm left wondering whether they escalated this because of just such a threat. I obviously didn't hear FX's talk, but an alert released over the weekend by US-CERT says remote code execution is possible. __________ Read More / Source: Washington Post