5. BlackBerry
• BlackBerry Enterprise Server (BES)
• BlackBerry Internet Service (BIS)
Sunday, November 8, 2009
6. Diagram
http://smartphone.nttdocomo.co.jp/english/blackberrybold/blackberryservice/img/index/dgm_diagram.gif
7. BB Proxy
• Attacks the BES network
• Presented at DEF CON 2006 by Jesse D'Aguanno
• Uses a BlackBerry device as a gateway into the internal network
8. Attacking Anatomy
[Diagram: INTERNAL LAN with Server, Apps Server and BB User behind a Firewall; Attacker on the INTERNET]
9. Attacking Anatomy
[Diagram: same network as slide 8; the BB User's device connects out through the Firewall to the Attacker's computer]
10. Attacking Anatomy
[Diagram: same network as slide 9; with the device connected to the Attacker's computer, the Attacker connects into the App Server]
11. Attacking Anatomy
[Diagram: same network as slide 10, with the device labelled "Device as a proxy"; the Attacker connects into the App Server and the result is labelled "Attacker 0wned Internal Network"]
15. Stunnel
• Sets up two SSL connections:
• SSL connection from the BB device to the attacker machine
• SSL connection from the attacker machine to the real BB server
19. Attacking Anatomy
[Diagram: BB device on WIFI queries the DNS Server for rcp.ap.blackberry.com; legitimate answer 216.9.240.88 in the RIM Network; Attacker at 133.7.133.7 on the same WIFI]
20. Attacking Anatomy
[Diagram: as slide 19, with a spoofed answer rcp.ap.blackberry.com = 133.7.133.7 returned to the device in place of 216.9.240.88]
21. Attacking Anatomy
[Diagram: as slide 20, with port labels added: Tcp/443 and Tcp/8888 on the WIFI side, Tcp/443 and Tcp/8889 on the RIM Network side, Attacker at 133.7.133.7 in between]
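A detection check for the DNS-spoofing step shown in the diagrams above, written as an added example for this page (not code from the talk or its authors): it reads constructed DNS-response records captured on the Wi-Fi segment, pins rcp.ap.blackberry.com to the address the slides give, and flags both an answer outside that set and conflicting answers racing for the same query. The line format, the responder addresses and the example.net record are assumptions.

```python
import re
from collections import defaultdict

# Pinned answers for the relay host named on the slides; 216.9.240.88 is the
# legitimate address the deck shows.
PINNED = {"rcp.ap.blackberry.com": {"216.9.240.88"}}

# Constructed sample of DNS responses seen on the Wi-Fi segment, in an assumed
# "<time> <responder_ip> <name> A <answer_ip>" format. 133.7.133.7 is the
# attacker address from the diagrams, reused here only as sample data.
SAMPLE_RESPONSES = """\
10:01:02 192.168.1.1 rcp.ap.blackberry.com A 216.9.240.88
10:05:40 192.168.1.77 rcp.ap.blackberry.com A 133.7.133.7
10:05:40 192.168.1.1 rcp.ap.blackberry.com A 216.9.240.88
10:06:10 192.168.1.1 www.example.net A 203.0.113.9
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) A (\S+)$")


def parse_responses(text):
    """Yield (time, responder, name, answer) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            t, responder, name, answer = m.groups()
            yield t, responder, name.lower().rstrip("."), answer


def find_spoofed_answers(text, pinned=PINNED):
    """Return alerts for two spoofing indicators:
    - an answer for a pinned name that is not in its allowed set;
    - conflicting answers for the same name at the same timestamp, i.e. a
      rogue responder racing the real DNS server."""
    alerts = []
    seen = defaultdict(set)  # (time, name) -> {(responder, answer)}
    for t, responder, name, answer in parse_responses(text):
        if name in pinned and answer not in pinned[name]:
            alerts.append(("unexpected-answer", t, responder, name, answer))
        seen[(t, name)].add((responder, answer))
    for (t, name), pairs in seen.items():
        responders = sorted(r for r, _ in pairs)
        answers = sorted({a for _, a in pairs})
        if len(answers) > 1:
            alerts.append(("conflicting-answers", t, responders, name, answers))
    return alerts


if __name__ == "__main__":
    for alert in find_spoofed_answers(SAMPLE_RESPONSES):
        print(alert)
```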
38. Mitigation
• Password-protect your device
• Turn on the device firewall
• Encrypt your data and media card
• Control which applications are downloaded
• Protect your GPS location
• Connect only to legitimate Wi-Fi networks
39. References
• Attack Surface Analysis of BlackBerry Devices - Symantec
• BlackBerry: Call to Arms, some provided - Ftr & FX of Phenoelit
• BlackJacking: 0wning the Enterprise via BlackBerry - x30n
• Bugs & Kisses: Spying on BlackBerry Users for Fun - Sheran Gunasekera
• Seberapa Amankah Infrastruktur WIFI Blackberry device anda (How secure is your BlackBerry device's Wi-Fi infrastructure?) - y3dips & chopstick
40. Greetz
• Hermis Consulting
• Sheran Gunasekera
• staff@echo.or.id
• Info Komputer