BlackBerry devices are a hacker’s dream, according to research by a computer security analyst.

Jesse D’Aguanno, who works for Praetorian Global, has developed a program called BBProxy that runs through the open connection between a BlackBerry and a company’s intranet.

D’Aguanno succeeded because company intrusion detection systems don’t look for attacks from inside the network.

“A BlackBerry is not your average handheld”, explains D’Aguanno to Wired News.

“It’s a code-running machine that’s always on and always connected to your internal network and has direct access to whatever you give it access to."

“And most company architectures allow it unfettered access to everything on the internal network.”

To work, BBProxy has to be installed on the machine physically or by a Trojan horse that arrives via email.

To prevent an attack, D’Aguanno recommends that companies develop a more secure back end and restrict who may download third party applications on the devices.

Research in Motion has met with D’Aguanno, and has now posted two documents containing instructions for making company cording architecture more secure.


Wired News