Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE Specifiche Pagina 16
- Pagina / 39
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
Attack Surface Analysis of BlackBerry Devices
BlackBerry Persistence Model
• Proprietary
• Application needs to be signed
• Can store any object that implements the
Persistable interface (plus some native types).
• Data can be shared between applications subject to signing and other access controls. For informa-
tion on how to protect data from inappropriate use, see the
ControlledAccess class in the RIM Device
Java Library
5
and the BlackBerry JDE Development Guide.
2
J2ME File System
Newer BlackBerry models (including the Pearl 8100) have traditional file system support, facilitated by the
javax.microedition.io.file package. Applications can enumerate files and directories on the file system,
as well as create, edit, and delete files and directories. Unsigned applications will cause the user to be
prompted to allow access to the file system (Figure 8). The file system can have multiple roots. For exam-
ple, one root for the onboard phone storage, and one for an inserted memory card. Files are addressed using
a URL format. For example:
file:///SDCard/blackberry/pictures/neo.jpg
While .jar or .cod files residing on the J2ME file system can be modified
by an application, no typical user scenario exists where a user will then
subsequently install that .jar or .cod file from the phone or removable
memory card. The existing applications installed on the BlackBerry are
not visible at all to this file system and cannot be modified by it. Also
note that many BlackBerry applications are signed, and modification of
such a signed .cod file will invalidate its signature. Therefore traditional
file infector viruses are not feasible for the BlackBerry, short of the dis-
covery of a new vulnerability. Symantec are not aware of any such vulner-
ability at the time of writing.
USB Mass Storage
When the BlackBerry is plugged into a PC via the USB cable, the user is
given the option of mounting the device as a USB mass storage drive.
Note that the media card must be inserted in order for Mass Storage
mode to be enabled, and only the file system of the media card is accessible in any case. If this option is
selected, the BlackBerry media card file system appears as another drive on the host PC. Users and appli-
cations on the PC can then freely copy files to and from the BlackBerry as easily as any storage drive.
This could result in the BlackBerry accidentally or maliciously being used as a conveyance of malware. For
example threats such as W32.Fujacks.AW
14
copy themselves to removable drives automatically. Although
16
Figure 8: Unsigned application access to
the file system
- Attack Surface 1
- Analysis of 1
- BlackBerry Devices 1
- Introduction 5
- Architecture Overview 6
- Modifying Signed Applications 7
- Malicious Code Signing 7
- Mitigation Strategies 8
- BIS Deployment 8
- BES Deployment 10
- Attack Surface Analysis 13
- JAD Files 14
- Mitigation 15
- File System 15
- Persistent Storage 15
- J2ME File System 16
- USB Mass Storage 16
- Memory and Processes 17
- SMS (Short Message Service) 18
- Premium Rate Scam 18
- SMS Interception 19
- SMS Backdoor 20
- Bluetooth 21
- Bluetooth Backdoor 21
- Bluetooth Worms 21
- Email Interception 22
- Backdoor 22
- Data Theft 25
- TCP/IP Connections 25
- Proxy/Firewall Bypass 26
- Port Scan 27
- HTTP / WAP 28
- HTTP Proxy 29
- Telephony 30
- Call Record Monitoring 31
- Premium Rate Calls 31
- Telephony Data Theft 32
- Conclusions 33
- Appendix A 35
- References 36
Prodotti e manuali riguardandi Software Blackberry JAVA DEVELOPMENT ENVIRONMENT - - FUNDAMENTALS GUIDE
Software Blackberry PROFESSIONAL SOFTWARE FOR MICROSOFT EXCHANGE - - RELEASE NOTES Manuale Utente
(11 pagine)
(11 pagine)
Software Blackberry Messenger Manuale Utente
(17 pagine)
(17 pagine)
Software Blackberry PROFESSIONAL SOFTWARE FOR IBM LOTUS DOMINO - - RELEASE NOTES Manuale Utente
(12 pagine)
(12 pagine)
Software Blackberry Messenger Manuale Utente
(21 pagine)
(21 pagine)
Software Blackberry PROFESSIONAL SOFTWARE FOR MICROSOFT EXCHANGE - - RELEASE NOTES Manuale Utente
(6 pagine)
(6 pagine)
Software Blackberry PROFESSIONAL SOFTWARE FOR MICROSOFT EXCHANGE - - RELEASE NOTES Manuale Utente
(11 pagine)
(11 pagine)
(46 pagine)Ronco Showtime 6000 Series manuales
Manuales del propietario y guías del usuario para Pequeños Utensilios De Cocina Ronco Showtime 6000 Series.
Ofrecemos 1 manuales en pdf Ronco Showtime 6000 Series para descargar gratis por tipos de documentos: Manual de usuario
Commenti su questo manuale