Trojan sinks its teeth into BlackBerry

One of the first examples of malicious software on BlackBerry devices has surfaced but manufacturer RIM does not see it as a serious threat.

At the Defcon hacker confab on Saturday, researcher Jesse D'Aguanno said he developed a program called BBProxy that, when running on a BlackBerry, gives an attacker entry to the network the wireless device connects to. The program exploits the link between the handheld and the email server, and it could be used to place additional malicious code onto a network.

Secure Computing, a provider of security services, said in a media alert on Tuesday: "A malicious person could potentially use this back channel to move around inside of an organisation unabated and remove confidential information undetected, or use the back channel to install malware on the network."

The BlackBerry service allows companies to give their employees access to email while they are on the road. A typical installation includes server software that is installed on a corporate network as well as the handhelds used to send and receive messages.

For an attack to be successful, a BlackBerry user has to be tricked into running the malicious application. At Defcon, D'Aguanno suggested his program could be delivered to users wrapped in a game of Tic Tac Toe. "First and only BlackBerry Trojan [horse] that I know of," he wrote in his presentation.

It could be the first malicious program aimed at the BlackBerry, Scott Totzke, director of the global security group at RIM, agreed in an interview Tuesday. However, the company doesn't see a major threat to its customers, he said.

Totzke said: "There are a number of hoops that you have to go through to make this thing possible." For one, it is impossible to email an application to the device; people have to download it, he said.

He added: "When you step back and look at it, BlackBerry is a computing platform and able to run applications similar to a laptop and a VPN connection."

The BlackBerry can run applications, including malicious ones, Totzke noted. To avoid that, the device offers several settings that allow companies to protect their systems. These include blocking the ability to run programs. Also, RIM suggests companies put their BlackBerry servers and email servers in discrete sections of the network to limit the connection between the two.

In anticipation of D'Aguanno's presentation, RIM published two documents on its security website that provide instructions on secure installation of a BlackBerry system and on protection against malicious software.

D'Aguanno plans to publicly release BBProxy in the coming weeks. RIM isn't worried. Totzke said: "I don't see releasing code as much of a threat. It is an example of an application running on a BlackBerry that is designed to connect to network resources."

Joris Evers writes for CNET News.com