
Attack Surface Analysis of BlackBerry Devices
• User downloads and runs an application (e.g. game with "post my high-score online" option).
• If the code is unsigned, the user receives a prompt "Allow Network Access?"
• User agrees (thinking they are posting their high-scores on a Web site).
• The application proceeds to send a premium rate SMS message in the background, unbeknownst to the user until they receive their phone bill.
Note that if the application is signed, the user will not be prompted. A
signed application could simply appear to do nothing when executed, but
actually just place itself in the background and begin sending premium
rate SMS messages. However if the user has activated the device firewall,
they will get a prompt similar to Figure 10. Appropriate Application
Permissions would also prevent this attack. Please refer to the Mitigation
Strategies section for more information.
SMS Interception
Unsigned applications can both send and receive SMS messages. A malicious application could be used to allow third parties to send and receive messages from a compromised BlackBerry.
The application would work as follows:
• User downloads and runs an application (e.g. game with "post my high-score online" option).
• If the code is unsigned, the user receives the prompt "Allow Network Access?"
• User agrees (thinking they are posting their high-scores on a Web site).
• User quits the game, but the application simply sets itself to run silently in the background.
• Application sends a notification SMS to attacker.
• Any incoming SMS messages are forwarded to the attacker.
• The attacker can also send SMS messages via the infected device.
Furthermore, many services are available that can be billed via SMS messages using what is typically termed micro payments. For example, Wi-Fi access can often be obtained by sending an SMS to a number and waiting for a response that contains an access code. SMS interception allows an attacker to send an SMS via the infected device and receive the access code, giving them free Wi-Fi access while the victim is billed instead. Other SMS billable services include television or radio voting polls, parking, and even vending machines.
Note that if the application is signed, the user will not be prompted (unless Firewall and/or Application Permissions are in place).
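The two abuses described above, silent premium-rate sending and relaying of incoming SMS to a third party, both leave a characteristic pattern in an outgoing/incoming message record. The following is an added illustrative detector, not code from the paper or from BlackBerry; the event record format, the app name "HighScoreGame", the sample messages and the rule that 3 to 6 digit destinations count as short codes are all constructed assumptions for this example.

```python
"""Toy detector for the two SMS abuses discussed above (added example).

It runs over a constructed list of SMS events and flags:
  1. apps that send several SMS to short codes while not in the foreground
     (the silent premium-rate pattern), and
  2. outgoing messages that repeat the body of a recently received message
     to a number other than the original sender (the relay pattern).
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class SmsEvent:
    t: int            # seconds since boot (constructed timestamp)
    direction: str    # "in" or "out"
    app: str          # originating app for "out"; "" for "in"
    peer: str         # remote number
    body: str         # message text
    foreground: bool  # was the sending app visible to the user at the time?


def is_short_code(number: str) -> bool:
    """Assumption for this example: 3 to 6 digit destinations are short codes
    (premium-rate / micropayment numbers)."""
    return number.isdigit() and 3 <= len(number) <= 6


def find_silent_premium_sends(events, min_count=2):
    """Return {app: count} for apps that sent at least `min_count` SMS to
    short codes while running in the background."""
    counts = Counter()
    for e in events:
        if e.direction == "out" and not e.foreground and is_short_code(e.peer):
            counts[e.app] += 1
    return {app: n for app, n in counts.items() if n >= min_count}


def find_forwarding(events, window=60):
    """Return (app, original_sender, relay_destination) for each outgoing SMS
    whose body contains the body of an SMS received within `window` seconds,
    sent somewhere other than back to the original sender."""
    hits = []
    incoming = [e for e in events if e.direction == "in" and e.body]
    for out in events:
        if out.direction != "out":
            continue
        for inc in incoming:
            if 0 <= out.t - inc.t <= window and inc.body in out.body and out.peer != inc.peer:
                hits.append((out.app, inc.peer, out.peer))
                break
    return hits


# Constructed sample record: a game sending to a short code in the background
# twice, then relaying a received access code to a third number, plus one
# legitimate user-initiated message.
SAMPLE = [
    SmsEvent(100, "out", "HighScoreGame", "12345", "GO", False),
    SmsEvent(160, "out", "HighScoreGame", "12345", "GO", False),
    SmsEvent(200, "in", "", "+15550001111", "Your WiFi code is 8841", False),
    SmsEvent(205, "out", "HighScoreGame", "+15559998888", "Your WiFi code is 8841", False),
    SmsEvent(300, "out", "Messages", "+15550002222", "see you at 6", True),
]

if __name__ == "__main__":
    print("silent premium sends:", find_silent_premium_sends(SAMPLE))
    print("relayed messages:", find_forwarding(SAMPLE))
```

Both checks rely on signals that the paper's mitigations also key on: whether the sending application was user-visible (the firewall prompt in Figure 10 exists precisely because background sends are otherwise invisible) and whether a message was authored by the user or merely copied from the inbox. On a real device these signals would come from the platform's SMS and application-state logs rather than a hand-built list.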
Figure 10: Firewall prompt for outgoing SMS message