There are quite a few very good Internet sites and email-subscription services that can alert administrators to new vulnerabilities, not only in their BlackBerry devices but in just about any computer technology. To protect enterprise BlackBerrys, it is important to know about these sites and services and to take advantage of their knowledge.
The U.S. government has created the United States Computer Emergency Readiness Team (US-CERT) to help companies and individuals protect themselves against cyber-related threats, such as those to BlackBerry devices. Per US-CERT,
US-CERT is charged with protecting our nation’s Internet infrastructure by coordinating defense against and response to cyber attacks. US-CERT is responsible for
■■ analyzing and reducing cyber threats and vulnerabilities
■■ disseminating cyber threat warning information
■■ coordinating incident response activities
US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public.
US-CERT also provides a way for citizens, businesses, and other institutions to communicate and coordinate directly with the United States government about cyber security.
US-CERT is an excellent resource to find out what BlackBerry vulnerabilities exist. Doing a quick search on the US-CERT database will show you that, contrary to popular belief, there are actually quite a few vulnerabilities to these devices and their supporting infrastructure. You may have only heard about the BBProxy vulnerability, for instance, but a quick search of the US-CERT database will show that there are considerably more out there. Figure 3.10 shows the results from a quick US-CERT search on Cyber Security Alerts relating to BlackBerrys.
Figure 3.10: Results from a quick US-CERT search on BlackBerry Cyber Security Alerts
US-CERT also offers a free email-subscription service that will automatically send you emails on new vulnerabilities as they become available (https://forms.us-cert.gov/maillists/). These alerts, of course, are good
The SANS (SysAdmin, Audit, Network, Security) Institute is another great source for information on vulnerabilities to BlackBerrys. They also offer a free email-subscription service on vulnerabilities to technology.
Per SANS,
The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
I have been subscribing to SANS and US-CERT emails for years. These sites offer a wealth of information and should be a regular part of any technologist’s routine reading. The Common Vulnerabilities and Exposures (CVE) website, http://cve.mitre.org/, is funded by the Department of Homeland Security and provides additional information that can be very useful. CVE provides a list of standardized names for all publicly known vulnerabilities and other information-security exposures.
In addition to these well-known, industry-standard sites and services, there are many high-quality sites that contain great information.
BlackBerry Antivirus Software
In addition to taking the previously mentioned measures, it is important to be knowledgeable about antivirus solutions for BlackBerrys, just as it is for laptops, desktops, and other computer systems.
As I mentioned earlier in this book, I can walk into any IT department and ask just about anyone to name the most popular antivirus products on the market. They will likely have absolutely no problem naming them. If I were to ask them to name a few BlackBerry antivirus programs, the response would not be so immediate.
Those familiar with how BlackBerrys work often state that it is not necessary to use antivirus software on them. Because BlackBerrys use the Attachment Service to essentially present the attachments, and for other reasons, some people feel that getting a virus is nearly impossible.
Being a security professional, I would prefer to err on the side of caution. In my opinion, it is just a matter of time before something happens. BlackBerry malware exists, as you’ll see in a minute. At the very least, IT professionals need to educate themselves on what is available in the marketplace. Companies are constantly weighing the benefits of security against the cost of having to implement the solutions. Deciding whether to implement BlackBerry antivirus is no different. Making an educated decision not to implement a technology is one thing. Ignoring the threat altogether because you think you know better is another.
One really good example of a piece of BlackBerry malware is BBProxy. By far, this is the most well-known BlackBerry vulnerability. If BBProxy were running on one of your BlackBerrys, would you want to know about it and remove it? This simple example can put to rest the idea that BlackBerrys are not vulnerable to malware. Remember: malware doesn’t have to be sent via an email attachment to get onto a device. Someone can gain physical access to a BlackBerry and load the program. The manner in which it gets there can differ; the fact that it’s on there needs to be addressed.
NOTE: The next chapter, “Hacking the Supporting BlackBerry Infrastructure,” provides a detailed explanation of BBProxy and how it affects the enterprise.
On September 21, 2005, SMobile Systems announced the availability of VirusGuard for RIM’s full line of BlackBerry devices. This made VirusGuard the first ever antivirus compatible with the BlackBerry platform. (And at the time of this writing, it’s still the only one of which I am aware. Given the existence of BBProxy and the rapid expansion of BlackBerrys, it likely will not be long before other vendors begin offering BlackBerry antivirus protection.)
Per SMobile,
SMobile’s VirusGuard for BlackBerry is currently the only anti-virus solution for BlackBerry available on the market. VirusGuard stops malware and other threats at the handset — so users can continue to access the full functionality of their BlackBerry devices. In contrast, security measures instituted at the corporate network level typically require IT administrators to enforce strict device capability limitations, such as prohibiting the downloading of third-party applications onto the device. This potentially blocks users’ access to key applications that would otherwise improve job performance and increase productivity.
VirusGuard is marketed as being a robust antivirus and antimalware application for BlackBerrys. Among the features offered in the solution are
■■ Heuristics scanning engine
■■ Full protection of your device from the latest mobile threats
■■ Easy-to-use interface
■■ Real-time monitor scans
■■ On-demand scans of internal memory, memory card, and/or full device
■■ Advanced heuristic detection
■■ Automatic over-the-air updates and registration
■■ Full logging of scan and detection activity
■■ Detection alerts when infected files are autodetected and deleted
■■ Autoboot upon device restart
■■ Subscription-based license that entitles you to a year of automatic updates
■■ Seamless transfer to new devices
As you can see, there are multiple steps that IT personnel need to take to protect their BlackBerrys from malware. This includes keeping the BlackBerry infrastructure up-to-date and configured securely, protecting the endpoint BlackBerry device with antivirus/antimalware software, and keeping abreast of vulnerabilities and exploits to the devices and their supporting infrastructure.