BlackBerry warns of TIFF vulnerability that could allow malware to run on enterprise servers

Filed Under: BlackBerry, Denial of Service, Featured, Malware, Mobile, Vulnerability

If you are responsible for administering the BlackBerry phones used by staff at your company, there's some important security news.

According to a BlackBerry security advisory published last week, vulnerabilities exist that could allow remote hackers to run malicious code on the BlackBerry Enterprise Server (BES) software run by many firms.

The flaw, which has been rated as "high severity", involves how BlackBerry's enterprise software handles TIFF image files on webpages, in emails, and in instant messages.

According to BlackBerry's advisory:

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.

Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server.

Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

In short, a malicious hacker could create a booby-trapped TIFF image file and either trick a BlackBerry smartphone user into visiting a webpage carrying the image, or embed the malicious image directly into an email or instant message.

According to BlackBerry, the BlackBerry Messaging Agent flaw does not even require a user to click on a link or view an email for the attack to succeed.

The risk is that by exploiting the flaw, hackers might be able to plant malicious code on your BlackBerry Enterprise Server that opens a backdoor for remote access.

Depending on how your network infrastructure is set up, intruders might be able to see into other parts of your network and steal information.

Alternatively, the hackers' code might cause your systems to crash, perhaps interrupting communications.

It's important to underline that these are not vulnerabilities in BlackBerry smartphones themselves. Like other BlackBerry-related vulnerabilities we've seen in the past, the potential attack is against the BlackBerry Enterprise Server used by businesses.

As more and more companies are waking up to the risk of targeted attacks with the apparent intention of stealing data and spying on activities, such a vulnerability is clearly a serious concern.

The good news is that BlackBerry has not received any reports of attacks targeting its enterprise customers, but obviously it is still a very good idea for affected customers to update their software as soon as possible. The company has published workarounds for those businesses that may not be able to quickly update their installation of BlackBerry Enterprise Server.


About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.