More BlackBerry image problems: RIM warns of BES security vulnerabilities

If it weren't enough finding themselves (rather unfairly in my point of view) in the firing line regarding how the BlackBerry Messaging service (BBM) was being used by British rioters, with calls for the service to be suspended, RIM now finds itself with a different kind of BlackBerry image problem.

RIM, the firm behind the popular BlackBerry smartphone, has issued a warning that a number of vulnerabilities have been found in its enterprise software (known as BlackBerry Enterprise Server, or BES).

According to RIM, if the vulnerabilities were exploited by remote hackers they could run malicious code on the BlackBerry Enterprise Server run by many firms.

Specifically, the problem is with the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent, and how they process PNG and TIFF images for rendering on the BlackBerry handheld devices.

In this particular case, the threat is that BlackBerry users could be tricked into clicking on a link or visiting a boobytrapped webpage, taking them to a malformed image file.

It's important to underline that these are not vulnerabilities in the BlackBerry smartphones themselves. Like other BlackBerry-related vulnerabilities we've seen in the past, the potential attack is against the BlackBerry Enterprise Server used by businesses.

The risk is that by exploiting the flaw, hackers might be able to plant malicious code on your BlackBerry Enterprise Server that opens a backdoor for remote access.

Depending on how your network infrastructure is set up, intruders might be able to see into other parts of your network and steal information.

Alternatively, the hackers' code might cause your systems to crash - perhaps interrupting communications.

RIM has issued updates that resolve the vulnerabilities in versions of the BlackBerry Enterprise Server and the BlackBerry Enterprise Server Express. You can find out more on their website.

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley