Experts warn network not as safe as claimed by its maker
Boston:
Research in Motion's (RIM's) resistance to giving governments access to its BlackBerry network misses a major point - authorities could probably hack the data on their own if they want it badly enough, security experts say.
Indeed, a major attack against BlackBerry users by a telecom in the UAE employed that very tactic a year ago, according to RIM. Experts say other malicious programs are likely to be lurking around, readying to be sprung.
India, Lebanon, Saudi Arabia and the UAE say they need RIM's cooperation so that they can decode messages scrambled with BlackBerry's proprietary technology. They have threatened to restrict RIM's operations if the company won't meet their demands, which they say are driven by national security concerns.
But if RIM doesn't back down, the government themselves could instead choose to hack into the BlackBerry network. "I could design a good hundred ways to gain access," said Bruce Schneier, a security experts who is chief security technology officer for BT.
Officials with Canada's RIM refused to comment.
Security experts say they'd almost certainly attack at the network's most vulnerable points" the BlackBerry smartphone itself and the BlackBerry server. Those two pieces of equipment sit at either end of the network where they offer would-be hacker access to unscrambled data.
Last year's attack in the UAE is a good example of how a hacker might work.It employed spyware created SS8, a US security firm, RIM says.
RIM said it discovered the "malware" because of a glitch in its implementation, and told users not to install it on their phones. But hackers might go undetected, experts say.
To prove the point, security researcher Tyler Shields released a spyware program for attacking BlackBerries via the handset. It allows hackers to intercept messages that reach the device and use its microphone to tap conversations in the immediate vicinity of the phone.
"I wanted to demonstrate that BlackBerry handhelds are suseptible to spyware," said Shield, who works for the Burlington, Massachusetts-based security firm Veracode Inc software as Shields never intended it to be used.
THE PRECEDENT
Last year, Emirates Telecommunications Corp, the UAE's largest telecoms operator, employed spyware created by SS8, a closely held US security firm.
It sent the program to its BlackBerry customers disguised as a software update
It told its customers the 'update' would enhance the performance of their equipment, but the spyware was mainly intended to tap into their communications
No comments:
Post a Comment