I was just reading a recap article on SearchSecurity by Patrick Gray who is attending the Kiwicon security conference in the land down under. He just reported about a presentation from Graeme Neilson of Aura Software Security about how easy it is to load a Trojan on a BlackBerry device.

Kiwicon day two got off to a cracking start on November 18 with a presentation by Graeme Neilson from Aura Software Security. He showed delegates precisely how easy it is to Trojan BlackBerrys.

But all code that runs on BlackBerrys is signed, right?

Yes, Neilson says, but the maker of the portable device, Research in Motion (RIM), isn’t too fussy about who it sells certs to. If you want to get your Trojan code signed to run on a Blackberry, just go to the Research In Motion Web-site, plug in your details, pay a fee and voila! You’re in business.

Keep in mind that this company would first have to convince you to download their application and get past you clicking on all of those “allow access to” prompts but this is still surprising. The idea behind certificates with RIM is that application developers need them to access certain modules on your BlackBerry. The problem is that now that these certificates are so easy to get…you get the point

This entry was posted on Wednesday, November 28th, 2007 and is filed under News.

Tagged with:

You can follow any responses to this entry through the Comments Feed. Leave A Trackback..

Previous Post: SplashID Version 4 For BlackBerry Released »
Next Post: Thanksgiving Weekend Was A Hit For RIM »
Related Reading:

• RIM Announcement: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite
• RIM Announcement: Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server
• Ten Reasons You KNOW You’re a Blackberry Addict

Latest Posts:

• Free and Premium Themes from Kristy
• iBold - Elecite’s Very First Blackberry BOLD Theme
• Prevention is easier than the Cure?