Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE Especificaciones descargar pdf (Pagina 32)

Attack Surface Analysis of BlackBerry Devices

PhoneCall.getDTMFTones() method to retrieve the string of tones entered by the user and hence their PIN

code. This can then be sent to the attacker along with the dialled number for further use via one of a num-

ber means outlined previously in this document. This approach has been successfully tested using a proof

of concept implementation.

Telephony Data Theft

Data can also be exported from the BlackBerry as DTMF tones during a phone call. A simple scheme works

as follows:

1. The relevant data is acquired (e.g., emails, contacts, SMS, PIM data, dialled numbers) as outlined

in previous sections.

2. The data is serialised in some form, perhaps after being compressed and encrypted, into a sin-

gle byte array. This byte array is then converted into a bitstream.

3. Three bits of data can be encoded in each of the DTMF tones 0-7 (8,9,*,# being redundant in this

case). The bitstream from above is padded to be a multiple of 3 in length; it is then encoded as

a series of DTMF tones.

4. The application then listens for calls to a certain number, which will record the call. Voicemail

would be ideal for this. (Alternatively the attacker could call the BlackBerry device and wait for

someone to pickup)

5. Once the call is in place, the application proceeds to play the DTMF tones that correspond to the

encoded data.

6. The recipient for the information then retrieves the voicemail, and extracts the DTMF tones.

7. The tones are decoded back into a bitstream, (any remaining bits after dividing by 8 are removed

from the end).

8. This bitstream is then converted back into a byte array, and the data is recovered.

This approach has been successfully tested using a proof of concept implementation. However the data

transfer rate was measured at 5.75bps (bits per second), or 23.7 minutes per kilobyte (without pre-com-

pression), which makes it unfeasible for all but the smallest amounts of data (perhaps a phone number,

email address or telephone banking PIN).

Mitigation

You can set the following options to mitigate the attacks outlined above. See Mitigation Strategies for more

information.

1 2 ... 27 28 29 30 31 32 33 34 35 36 37 38 39

Sin comentarios

Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE Especificaciones Pagina 32