Blackjacking is a technique used to connect internally to a corporate network using a typical BES device. It was announced at DefCon a few years back and is hardly new.
How does this work, and what are the ways to reduce risk from this exploit?
Security – How does Blackberry “blackjacking” work from a technical or developers perspective
blackberryfirewallhackingSecurityvpn
Related Topic
- IT Security – How to Search for Backdoors from Previous IT Personnel
- Should remote machines connected via VPN be visible to other machines on the same local network
- Security – How to exploit data being written to file
- Security – Our security auditor is an idiot. How to give him the information he wants
- Security – Network printer exploited (read: hacked) to print antisemitic documents. How to fix
Best Answer
In short... exploiting a blackberry device or BES... to attack your LAN directly. There's several ways of accomplishing it. Email-based exploited PDFs are probably most common, as they can affect the BES server directly or turn the endpoint into a proxy for attacks. What most people don't realize is that a BES server will proxy ALL traffic for any device registered to it. If the BES server is not properly kept in a secure DMZ, you can use the server to attack your network from the inside.
If a handset is exploited (using any means), anything your BES server is attached to can be attacked. Any mail or other communications processed by the BES server could also potentially also exploit the BES server and use it as a proxy.