Comments on: RIM Security VP Worried About Smartphone DDOS Attacks – Why?

By: SusanC

SusanC — Sun, 22 Nov 2009 06:56:19 +0000

Ronen,

I use SMobile Security Shield on my BlackBerry. While I’ve never had a virus, and I wouldn’t download something unless it’s from a trusted source, social engineering is a consideration. You never know…we need to be aware and realistic. After all, look at how many worms and all have been created for the iPhone in just a few months, and how many vulnerabilities they’ve found with the Droid. One can never be too safe.

By: Derek Brown

Derek Brown — Fri, 20 Nov 2009 12:33:53 +0000

Regarding number 2, I complained about this in another article when I won a free copy of Shape Service’s IM plus. The software will install, but fail to run unless you grant ALLOW for everything. I actually never even got it working, as that just screams unnecessary to me. Not that I have anything to hide, but I see no reason an IM app would need access to certain things…like input simulation. Anyway, I gave my free copy away for that very reason.

By: RIM talks about security threat of DDOS attacks on carriers at SmartPhoneCool.com

Fri, 20 Nov 2009 00:00:42 +0000

[...] is this really a big concern? I have to agree with Ronen at BerryReview, that someone stealing personal data with an application seems like a bigger concern. All you have [...]

By: DavidB

DavidB — Thu, 19 Nov 2009 22:36:36 +0000

1. Even WORSE are the hybrids…!
2. Did you see the QuickPull in order to work on OS5 wants you to change ALL default security policies to ALLOW!?! And amazingly people just blindly go off and do it! Madness. And RIM tacitly approves of such activity by failing to revoke signing keys. For all its security there is still no centralized control point by RIM that could remotely revoke an app’s ability to run or interact. BUT, would users tolerate that? Look at all the broohaha surrounding iTunes and their walled garden. RIM had the ultimate walled garden and benevolently complete control of the experience but has totally ceeded it in the name of consumer market share.

From my BlackBerry Tour…

By: Luciano

Luciano — Thu, 19 Nov 2009 22:04:05 +0000

Two big problems:

1) RIM fosters an irresponsible culture whereby people fetch shady “leaked” updates at RapidShare because there is no centralized, official distribution. RIM will be to blame when someone posts up a malicious OS somewhere and users download it without giving it a second thought because we have developed the habit of using those. This practice has led lots of Blackberry users to trust something that they shouldn’t.

2) Likewise, some applications refuse to work until you grant them access to everything or even *specifically* e-mail, PIM and personal data. Even if personal data is completely irrelevant to the purpose of the app. And nobody raises a stink about such apps. People just grant the permission because, heck, they can hardly wait to play with the toy. They just surrender the data.

These combined create the perfect ground for a “social engineering” con artist. Screw the security around the Blackberry platform from the purely technical standpoint. Just target these human vulnerabilities that both RIM and app developers have been fostering, and go to town!

By: RIM talks about security threat of DDOS attacks on carriers | BlackBerry Cool

Thu, 19 Nov 2009 21:00:20 +0000

[...] is this really a big concern? I have to agree with Ronen at BerryReview, that someone stealing personal data with an application seems like a bigger concern. All you have [...]

By: RIM talks about security threat of DDOS attacks on carriers | BlackBerry Cool

Thu, 19 Nov 2009 21:00:20 +0000

[...] is this really a big concern? I have to agree with Ronen at BerryReview, that someone stealing personal data with an application seems like a bigger concern. All you have [...]

By: DavidB

DavidB — Thu, 19 Nov 2009 19:45:09 +0000

AND, WHY is RIM seemingly powerless to force carriers to deploy an updated OS for the browser vulnerability that has been public for MANY WEEKS now? Very few carriers have released patched OS’s to date. MILLIONS of BlackBerry smartphones worldwide remain vulnerable and RIM fiddles like Nero. Luckily, nobody (that we know of anyway) has yet figured out way to really exploit it or Rome would truly be burning.

By: dev_guy

dev_guy — Thu, 19 Nov 2009 19:31:48 +0000

“Flexilis researchers have already identified virus-tainted versions of popular smartphone applications such as Google Inc’s Google Maps software and computer games.”

This is the problem. There are a lot of free application sites popping up, and you really can’t be sure what you’re getting. Even on the mobihand network I may be mistaken, but I don’t think theres any sort of review process do ensure that harmful software is being kept out.

As you said Ronen, anyone with $20 can get access to the secure API’s and find out all the information about every contact on your phone, as well as all the email conversations you’ve had, what apps you have etc. etc.

Information is money, this is what they want, and it’s not hard to get it if someone installs the program (And as this article says, you may think you’re installing something else).

By: Jamie

Jamie — Thu, 19 Nov 2009 19:10:54 +0000

I don’t think we will honestly have to worry about someone breaking into the BlackBerry OS anytime soon. In all the time we’ve had leaks I don’t think we have ever found an OS with a vulnerability. I would guess that they literally destroy / trash all builds ASAP that show any signs of insecurities.

The Java platform may be buggy / slow at times but RIM has made it damn secure.