
Attack Surface Analysis of BlackBerry Devices
BlackBerry using the
javaloader utility, but when the user attempts to execute it, they get an error such as
"Error starting X, Module 'X' attempts to access a secure API." (Figure 1).
Modifying Signed Applications
It is interesting to note the behavior of a signed application that has been modified post-compilation. In one
test case, a signed application was written which attempted to read incoming SMS messages. As expected,
there was no MIDP prompt, and the firewall was turned off, so the program ran without further user
interaction. When this signed application was modified with a hex editor, by changing the static string "JOC"
to "f00", the application ran, but presented the user with the standard MIDP prompt regarding network access.
The bytecode may be valid syntactically, but the signature is no longer valid. In this scenario it appears
applications run with the equivalent permissions of unsigned applications (e.g. it would fail with an error
similar to Figure 1 if the application tried to access an API that requires signing such as the phone API).
Note that at no stage was the user informed that a signature was present, but that it did not match the file
to which it was applied (and hence that the file was either corrupted or maliciously modified).
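The distinction a loader could draw in this case, as an added example that is not from the original paper or from RIM's code: a signature that is present but does not verify is reported as tampering instead of being handled like a missing signature. HMAC-SHA256 stands in for the real public-key signature scheme, and the key, module bytes, function names and policy fields are all constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional

# Constructed demo key; HMAC-SHA256 is a stand-in for the platform's
# public-key code signature, which this sketch does not reproduce.
DEMO_KEY = b"constructed-demo-signing-key"

class Verdict(Enum):
    UNSIGNED = "no signature attached"
    VALID = "signature matches module"
    TAMPERED = "signature attached but does not match"

def sign(module: bytes, key: bytes = DEMO_KEY) -> bytes:
    return hmac.new(key, module, hashlib.sha256).digest()

def classify(module: bytes, signature: Optional[bytes], key: bytes = DEMO_KEY) -> Verdict:
    """Keep 'never signed' and 'signed, then modified' as separate outcomes."""
    if signature is None:
        return Verdict.UNSIGNED
    if hmac.compare_digest(sign(module, key), signature):
        return Verdict.VALID
    return Verdict.TAMPERED

def observed_policy(verdict: Verdict) -> dict:
    """Behaviour the paper reports: a bad signature degrades silently to unsigned."""
    return {"run": True, "controlled_apis": verdict is Verdict.VALID, "user_warned": False}

def fail_closed_policy(verdict: Verdict) -> dict:
    """Hypothetical alternative: refuse a tampered module and tell the user why."""
    if verdict is Verdict.TAMPERED:
        return {"run": False, "controlled_apis": False, "user_warned": True}
    return {"run": True, "controlled_apis": verdict is Verdict.VALID, "user_warned": False}

# Constructed module bytes containing the static string patched in the test case.
ORIGINAL = b"\xca\xfe module-header JOC sms-listener-body"
SIGNATURE = sign(ORIGINAL)
PATCHED = ORIGINAL.replace(b"JOC", b"f00")  # same-length edit, as with a hex editor

if __name__ == "__main__":
    cases = [("as signed", ORIGINAL, SIGNATURE),
             ("hex-edited", PATCHED, SIGNATURE),
             ("never signed", PATCHED, None)]
    for name, blob, sig in cases:
        v = classify(blob, sig)
        print(f"{name:13} {v.name:9} observed={observed_policy(v)} fail_closed={fail_closed_policy(v)}")
```

Under `observed_policy` the hex-edited and never-signed modules get identical treatment, which is the gap the paragraph above points out; `fail_closed_policy` separates them.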
Malicious Code Signing
While code signing provides a potential hurdle for malicious code writers, signatures can still be obtained
with relative ease and anonymity. Code-signing keys can be obtained anonymously via the use of prepaid credit
cards and false details. Prepaid credit cards can be bought and charged locally with cash without the
requirement of presenting I.D. [8] This makes it potentially impossible to determine the creator of a signed
malicious application and, as a result, to track the perpetrator.
RIM has the ability to revoke signing keys, that is, to disable them and prevent their use to sign any
further code. However, code that has already been signed by such keys cannot be revoked, although it can still
be blocked by IT Policy / Application Control on BES deployments. This is in contrast with a Certificate
Revocation List system, for example, which allows a Certificate Signing Authority to retroactively revoke a
Signing Certificate on a global scale.
Bearing these facts in mind, it is vital that third-party software vendors who develop applications for the
BlackBerry ensure the security of their own infrastructure. Symantec recommends that hosts which are
used to sign applications are tightly monitored and only used for signing purposes and not general tasks.
These hosts should also be protected with up-to-date antivirus, personal firewall and, if possible, host
intrusion prevention. By taking these steps vendors can lower the risk that their signing keys will be stolen
by a malicious third party. (See RIM's BlackBerry Signature Tool Developer Guide [24] for more
recommendations.)
Figure 1: Unsigned application attempting
to access a controlled API