Blackberry Backdoor Exploit at DefCon

From Wired News: "Blackberry a Juicy Hacker Target" by Kim Zetter

"LAS VEGAS -- A computer security researcher says he's found an unexpected new path into company networks: the Blackberry.

Jesse D'Aguanno, a consultant with Praetorian Global, has developed a hacking program that exploits the trust relationship between a Blackberry and a company’s internal server to hijack a connection to the network. Because the data tunnel between the Blackberry and the server is encrypted, intrusion detection systems at the perimeter of the network won't detect the attack.

The technique is successful, D'Aguanno says, because most companies aren't equipped to detect someone trying to deliver an exploit from inside the network. It also works because few companies view the Blackberry as a plausible attack vector.

"Because it's a handheld device, most people don't think it's something that can actually harm the rest of your internal network," D'Aguanno said. "But a Blackberry is not your average handheld. It's not just a PDA that's connected (to your network) only when you're in the office. It's a code-running machine that's always on and always connected to your internal network and has direct access to whatever you give it access to. And most company architectures allow it unfettered access to everything on the internal network."
"

Read the full article here.
