BlackBerry Certificates Open The Door For Trojans?
I was just reading a recap article on SearchSecurity by Patrick Gray who is attending the Kiwicon security conference in the land down under. He just reported about a presentation from Graeme Neilson of Aura Software Security about how easy it is to load a Trojan on a BlackBerry device.
Kiwicon day two got off to a cracking start on November 18 with a presentation by Graeme Neilson from Aura Software Security. He showed delegates precisely how easy it is to Trojan BlackBerrys.
But all code that runs on BlackBerrys is signed, right?
Yes, Neilson says, but the maker of the portable device, Research in Motion (RIM), isn’t too fussy about who it sells certs to. If you want to get your Trojan code signed to run on a Blackberry, just go to the Research In Motion Web-site, plug in your details, pay a fee and voila! You’re in business.
Keep in mind that this company would first have to convince you to download their application and get past you clicking on all of those “allow access to” prompts but this is still surprising. The idea behind certificates with RIM is that application developers need them to access certain modules on your BlackBerry. The problem is that now that these certificates are so easy to get…you get the point 
Previous Post: SplashID Version 4 For BlackBerry Released »
Next Post: Thanksgiving Weekend Was A Hit For RIM »
If you liked this article, you might find these interesting:
- BlackBerry Trojan Proto-Type.
- RIM Announcement: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite
- BlackBerry Curve 8330 & 8330m OS 4.5.0.175 Officially Released by Sprint
- RIM Patches BlackBerry Phishing Flaw
- Rogers releases OS 4.6.1.250 for Blackberry Curve 8900
Latest Articles:
- Review: Jawbone Prime Bluetooth Headset
- BES 5.0 SP1 Coming Next Month – Adds Open Office File Support
- Bowers & Wilkins Mobile Hi-Fi headphones
- Pandora v1.1.2.1 Released – Minor Update
