I am usually called the paranoid security guy with the tinfoil hat. When I was reading a recent quote by Scott Totzke, RIM’s VP of BlackBerry Security, even I was kind of taken back. He claims that one day hackers could use BlackBerrys/Smartphones to attack wireless networks. This is kind of interesting since it is plausible but very unlikely and against RIM’s whole concept of the BlackBerry being impervious to malware and viruses due to their containment principles.
Totzke claims that hackers would be able to commandeer thousands of smartphones to create a DDOS (Dynamic Denial of Service) against a carrier. The funny part is that this already happens whenever you go to a convention and try to make a phone call while thousands of other people are making calls… Or better yet anybody try to get data service while you were at DevCon?
Even the recent “Malware” applications for BlackBerry require the user to be stupid enough to download the malware program to their BlackBerry in the first place. Even RIM is proud to say that you do not need Antivirus software on a BlackBerry and uses this exact “Containment” principle to justify why it is unnecessary.
Now getting back to Totzke’s claim that hackers would use smartphones to perform a DDOS attack this concept does not really work. Cellphone carriers could easily deactivate the connection of any device that has been compromised since they own the devices. It would be like saying that Verizon had to worry about their DSL users performing a DDOS attack on themselves… They could just cut the line.
What RIM should really be worried about is hackers finding a way to get to your personal information or read data on your device. This is a valid threat that RIM really has no way to address. Anybody with $20 and a name can get a RIM code signing key and write their own application that accesses this private information and API’s. RIM would be in a sticky situation trying to fix such an issue because they have caved to the all powerful carrier which makes every OS update take 6 months to get to market. What if RIM had a zero day vulnerability in OS 5.0? How would they fix it? I have always been curious if RIM has a mechanism to push out updates to all devices on BIS just like they do for BES. Or even a remote switch where they could disable applications remotely… The irony is that the Reuters reporter recommends installing a RIM patch to keep your device secure but how do you do that if your carrier does not release a updated OS?
So now I am just confused… What do you think?