Software exploiting how mail is transmitted could siphon confidential information from company computers, warned security firm Secure Computing.
The software, BBProxy, was first unveiled at the recent Defcon hacker convention by researcher Jesse D'Aguanno. Disguised as an innocent attachment, it bypasses normal network security.
"A malicious person could potentially use this back channel to move around inside an organization unabated and remove confidential information undetected or use the back channel to install malware on the network," according to the security firm.
In a statement warning of the risks for companies, Secure Computing suggested companies isolate their BlackBerry servers from the Internet.
D'Aguanno suggested to hackers attending the Defcon meeting that his program was the first Trojan to target the BlackBerry device.
For the attack to work, users would need to open the attached application. To overcome any hesitation, D'Aguanno said the program could be disguised as a game.
Secure Computing's Paul Henry said the real security threat is an over-reliance on the encrypted connection between devices. Henry said companies are very casual in deploying BlackBerry servers.
Scott Totzke, RIM's director of global security, called the claims "categorically incorrect."
While not discounting the threat of attachments, Totzke said BlackBerry users cannot e-mail applications.