SMS Attack on BlackBerry Smartphones – Update Device Software

October 1, 2009 Mobile News

According to an advisory published by Research In Motion (RIM), BlackBerry mobile devices are open to attack due to a certificate notification flaw in the smartphone’s software. The problem lies in the BlackBerry Browser dialog box that alerts users if the URL they have clicked on does not match the domain they are being sent to.

RIM published an advisory related to a BlackBerry browser dialog box that provides information about web site domain names and their associated certificates. The BlackBerry browser dialog box informs the BlackBerry device user when there is a mismatch between the site domain name and the domain name indicated in the associated certificate, but does not properly illustrate that the mismatch is due to the presence of some hidden characters (for example, null characters) in the site domain name.This issue affects all built-in browsers on affected BlackBerry devices (BlackBerry Browser, Internet Browser, WAP Browser, and Wi-Fi (Hotspot) Browser.

Using this security flaw, a malicious user could create a web site that includes a certificate that is purposely altered using null (hidden) characters in the certificate’s Common Name (CN) field or otherwise manipulated to deceive a BlackBerry device user into believing they have connected to a trusted web site.

[advt]

RIM recommends that BlackBerry device users exercise caution when clicking on links that they receive in email or SMS messages. If a user visits a site that causes a BlackBerry browser dialog box to warn the user about continuing the connection, the user should select Close connection.

A malicious user may be able to deceive a BlackBerry device user into connecting to a web site that is controlled by the malicious user.

If the malicious user then performs a phishing-style attack by sending the BlackBerry device user a link to the web site in an SMS or email message that appears to be from a trusted source, and the BlackBerry device user chooses to access that site, the BlackBerry browser will correctly detect the mismatch between the certificate and the domain name and display a dialog box that prompts the user to close the connection. However, the dialog box does not display null characters, so the user may believe they are connecting to a trusted site and disregard the recommended action to close the connection.

RIM has issued a software update that resolves this issue in BlackBerry Device Software version 4.5 and later. To check for available updates for your BlackBerry Device Software, visit http://www.blackberry.com/updates/.

The updated BlackBerry Device Software is designed to depict null (hidden) characters in the BlackBerry browser dialog box that appears when the user visits a web site with a certificate that does not match the site domain name. In the updated BlackBerry Device Software, the BlackBerry device represents previously hidden null characters with a block, and highlights the non-matching portion of the domain name in bold.

Related Articles

No Picture
Mobile Devices & Apps

BlackBerry App Development Tools Released by RIM

July 30, 2009 Mobile Devices & Apps

Research In Motion released BlackBerry Web Development Plug-in for Eclipse and BlackBerry Plug-in for Microsoft Visual Studio version 1.2. These tools are part of a complete portfolio of BlackBerry developer tools for web and Java development and a set of APIs that enable developers to easily create a wide variety of mobile applications. The platform also incorporates real-time push technology, unmatched security and highly efficient data compression and network bandwidth utilization, allowing developers to deliver optimized applications on the most powerful, secure and efficient platform in the industry. […]

No Picture
General

Blackberry Torch 9800 3G Smartphone – Price Rs. 32990 in India

October 25, 2010 General

Blackberry Torch 9800 Smartphone lets you experience a full-featured Music Player that allows you to see full album art and track listings in portrait or landscape mode on 3.2” HVGA Touch Screen that supports Optical trackpad and Slide-out QWERTY Keyboard. Its easy to capture those spontaneous moments with a 5.0 MP Camera with flash, continuous Auto-Focus and Image Stabilization and Video Recording Feature. Wi-Fi, GPS and Bluetooth are the connectivity options. Multiple social networks can be updated with a single post. Managing multiple open websites with tabbed browsing, Bookmarking your favorite sites with branded icons and customizable names and accessing them right from the home screen are a few of the great features of Blackberry Torch 9800. It supports an Internal Memory of 8 GB, that can be expanded up to 32 GB with a microSD card. This Smartphone is available in India for INR 35000/- approximately. […]

No Picture
Google

Voice Based Internet Search on Indian Mobiles – Google India

July 18, 2009 Google

Google India launched free voice-based internet search facility on mobiles, built entirely by the Google’s India engineering team. Th is feature is currently available for 400,000 Blackberry cellphone users only. This search service is currently available only in English. To use the voice-based mobile search, a user log on to the internet on the handset, open Google search page, and “ask” for a particular location, like pizza joint, taxi stand or florist while driving a vehicle. […]

Be the first to comment

Leave a Reply