BlackBerry warns of TIFF vulnerability that could allow malware to run on enterprise servers

Filed Under: BlackBerry, Denial of Service, Featured, Malware, Mobile, Vulnerability

If you are responsible for administering the BlackBerry phones used by staff at your company, there's some important security news.

According to a BlackBerry security advisory published last week, vulnerabilities exist that could allow remote hackers to run malicious code on the BlackBerry Enterprise Server (BES) software run by many firms.

The flaw, which has been rated as "high severity", involves how BlackBerry's enterprise software handles TIFF image files on webpages, in emails, and in instant messages.

According to BlackBerry's advisory:

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.

Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server.

Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

In short, a malicious hacker could create a booby-trapped TIFF image file and either trick a BlackBerry smartphone user into visiting a webpage carrying the image, or embed the malicious image directly into an email or instant message. In each case it is the server, not the handset, that decodes the image in order to deliver a rendered version to the phone.

According to BlackBerry, the BlackBerry Messaging Agent flaw does not even require a user to click on a link or view an email for the attack to succeed: because the Messaging Agent processes incoming mail on the handset's behalf, simply receiving the message can be enough.
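BlackBerry's advisory does not say what kind of parsing defect is involved, and the code below is neither BlackBerry's nor a reproduction of the flaw. It is an added illustration of the attack surface a server takes on when it decodes untrusted TIFF files on behalf of a handset: a TIFF is a chain of "image file directories" (IFDs) whose every entry carries a count and an offset supplied by the file's author, so a decoder that trusts them can be steered to read outside its buffer, loop forever, or miscompute a length when count times field size wraps in 32-bit arithmetic. The parser, the `make_tiff` fixture builder, the sample files and the `safe_to_render` gate are all mine, constructed for this example; the tag numbers and type sizes are from the TIFF 6.0 specification.

```python
import struct

# Byte width of each TIFF 6.0 field type (1 = BYTE ... 12 = DOUBLE).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}


class TiffError(ValueError):
    """Raised for any structural problem; a rendering service should refuse the file."""


def c_style_length(count, type_size):
    """What a 32-bit C decoder gets for count * size: the product silently wraps."""
    return (count * type_size) & 0xFFFFFFFF


def parse_tiff(data, max_ifds=16, max_entries=1024):
    """Walk the IFD chain, checking every offset and length against len(data).

    Returns a list of (tag, type, count, payload_bytes). Raises TiffError rather than
    reading outside the buffer, following a looping IFD chain, or trusting a wrapped length.
    """
    size = len(data)
    if size < 8:
        raise TiffError("truncated header")
    if data[:2] == b"II":
        end = "<"          # little-endian file
    elif data[:2] == b"MM":
        end = ">"          # big-endian file
    else:
        raise TiffError("bad byte-order mark")
    magic, ifd_off = struct.unpack(end + "HI", data[2:8])
    if magic != 42:
        raise TiffError("bad magic")

    entries = []
    visited = set()
    while ifd_off != 0:
        # A next-IFD pointer that points backwards is a cheap denial of service.
        if ifd_off in visited or len(visited) >= max_ifds:
            raise TiffError("IFD chain loops or is too long")
        visited.add(ifd_off)
        if ifd_off < 8 or ifd_off + 2 > size:
            raise TiffError("IFD offset outside file")
        (n,) = struct.unpack(end + "H", data[ifd_off:ifd_off + 2])
        if n == 0 or n > max_entries:
            raise TiffError("unreasonable entry count")
        table_end = ifd_off + 2 + 12 * n + 4      # entries plus the next-IFD pointer
        if table_end > size:
            raise TiffError("IFD table truncated")
        for i in range(n):
            off = ifd_off + 2 + 12 * i
            tag, typ, count, value = struct.unpack(end + "HHII", data[off:off + 12])
            tsize = TYPE_SIZES.get(typ)
            if tsize is None:
                raise TiffError("unknown field type %d on tag %d" % (typ, tag))
            length = count * tsize                # exact here; see c_style_length for the C trap
            if length > 0xFFFFFFFF:
                raise TiffError("count*size overflows 32 bits on tag %d" % tag)
            if length <= 4:
                payload = data[off + 8:off + 8 + length]    # value stored inline in the entry
            elif value + length > size:
                raise TiffError("tag %d data at %#x+%d outside file" % (tag, value, length))
            else:
                payload = data[value:value + length]
            entries.append((tag, typ, count, payload))
        (ifd_off,) = struct.unpack(end + "I", data[table_end - 4:table_end])
    return entries


def make_tiff(entries, next_ifd=0):
    """Constructed fixture: a little-endian single-IFD TIFF from (tag, type, count, value).

    A bytes value is stored out of line and the entry holds its offset; an int is stored inline.
    """
    n = len(entries)
    blob_off = 8 + 2 + 12 * n + 4
    table, blobs = b"", b""
    for tag, typ, count, val in entries:
        if isinstance(val, bytes):
            table += struct.pack("<HHII", tag, typ, count, blob_off + len(blobs))
            blobs += val
        else:
            table += struct.pack("<HHII", tag, typ, count, val)
    return (b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", n)
            + table + struct.pack("<I", next_ifd) + blobs)


# Constructed samples: one well-formed file and three that a naive decoder would mishandle.
GOOD = make_tiff([(256, 3, 1, 16), (270, 2, 6, b"hello\x00")])   # ImageWidth, ImageDescription
OOB_OFFSET = make_tiff([(273, 4, 2, 0x7FFFFFF0)])                 # StripOffsets pointing past EOF
WRAPPED_LEN = make_tiff([(282, 5, 0x20000001, 0)])                # XResolution: count*8 wraps to 8
LOOPED = make_tiff([(256, 3, 1, 16)], next_ifd=8)                 # next IFD points at itself


def safe_to_render(data):
    """Gate for a transcoding service: True only if the structure validates."""
    try:
        parse_tiff(data)
        return True
    except TiffError:
        return False


if __name__ == "__main__":
    for name, blob in [("GOOD", GOOD), ("OOB_OFFSET", OOB_OFFSET),
                       ("WRAPPED_LEN", WRAPPED_LEN), ("LOOPED", LOOPED)]:
        print(name, "accepted" if safe_to_render(blob) else "rejected")
```

The `WRAPPED_LEN` sample is the one worth dwelling on: its count of 0x20000001 RATIONAL values is 8 bytes long according to a 32-bit multiplication, so a decoder that bounds-checks the wrapped product and then iterates `count` times walks far outside its buffer. Checking the unwrapped product, as `parse_tiff` does, is the one-line difference.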

The risk is that by exploiting the flaw, hackers might be able to plant malicious code on your BlackBerry Enterprise Server that opens a backdoor for remote access.

Depending on how your network is segmented, and on what privileges the BES service account holds, intruders might be able to reach other parts of your network and steal information.

Alternatively, the hackers' code might cause your systems to crash - perhaps interrupting communications.

It's important to underline that these are not vulnerabilities in BlackBerry smartphones themselves. Like other BlackBerry-related vulnerabilities we've seen in the past, the potential attack is against the BlackBerry Enterprise Server used by businesses.

As more and more companies are waking up to the risk of targeted attacks with the apparent intention of stealing data and spying on activities, such a vulnerability is clearly a serious concern.

The good news is that BlackBerry has not received any reports of attacks targeting its enterprise customers, but obviously it is still a very good idea for affected customers to update their software as soon as possible. The company has published workarounds for those businesses that may not be able to quickly update their installation of BlackBerry Enterprise Server.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.