Forgot your password?
typodupeerror
Blackberry Security IT

BlackBerry Server Can Be Hacked With Image File 51

Posted by timothy
from the image-of-the-emir-perhaps dept.
Trailrunner7 writes "There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device. The vulnerabilities are in several version of BES for Exchange, Lotus Domino and Novell GroupWise, and Research in Motion said that an attacker who is able to exploit one of the bugs might also be able to move from the compromised BES server to other parts of the network."
This discussion has been archived. No new comments can be posted.

BlackBerry Server Can Be Hacked With Image File

Comments Filter:
  • by WrongSizeGlass (838941) on Saturday August 13, 2011 @04:57PM (#37081006)
    Sure my client's BES could be hacked with an image file, but the image is of a really hot chick, so it's a fair trade.
    • by Anonymous Coward

      You made me click on the TFA with your comment!

      I am sad. There is no hot chick in TFA... :(

    • Sure my client's BES could be hacked with an image file, but the image is of a really hot chick, so it's a fair trade.

      That's pretty sexist. Only about half the population would appreciate that.

      • by drinkypoo (153816)

        That's a lot of crap, there are tons of (straight) women who look at the pictures in Playboy because they can appreciate a pretty woman, but virtually no (straight) men who will even open a copy of Playgirl.

  • by SilverHatHacker (1381259) on Saturday August 13, 2011 @05:00PM (#37081036)
    1. Send goatse image to BB.
    2. BB holder frozen in shock.
    3. Walk up to frozen holder, appropriate keys/saved passwords/etc.
    4. ???
    5. Profit!
  • I always knew we needed an emoticon for "pwned!"
  • by MacGyver2210 (1053110) on Saturday August 13, 2011 @06:41PM (#37081480)

    So you want me to click a link to an article about hacking via image files...?

    *opens lynx*

  • This article violates teh DMCA and has been sent to the DHS for immediate action against the terrorists who wrote it.
    All those involved will be hand molested by the TSA before being sent to Guantanamo bay.

  • by Anonymous Coward

    RIM announced the problem, WITH the solution, it wasn't. Announced by a 3rd party, so RIM remains dedicated to security.

    The problem is on servers, not on devices, maintaining device security. One would need intimate knowledge of the BES set up to actually extract information from the server.

    Their communication between device and server has yet to be hacked

    • I think you forgot the quotes around "security". As long as they're decrypting stuff voluntarily for various governments, there's nothing secure about it.

    • While this may be true:

      Their communication between device and server has yet to be hacked

      This isn't:

      One would need intimate knowledge of the BES set up to actually extract information from the server.

      Their communication between device and server has yet to be hacked

      From the KB warning:

      "Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account."

      Access to the besadmin a

      • But what is true is that the Slashdot editors or the submitter has decided that instead of even mentioning the patch, they would just focus on the exploit.

        Strange of course, as the source material for this post is titled "Severe Remote Flaw Fixed in BlackBerry Enterprise Server", and the source for THAT article does indeed include the patch itself.

        • by lennier (44736)

          But what is true is that the Slashdot editors or the submitter has decided that instead of even mentioning the patch, they would just focus on the exploit.

          But of course the patch has automagically applied itself to every BES server in the world, instantly, leaving no window of vulnerability while sysadmins scramble to apply it.

          I mean, that's what patches do, right?

  • by Kebis (1396783)
    Isn't this exploit pretty much what Captain Picard wanted to do to the Borg in the episode with Hue?
  • RIM shipped a patch for these vulnerabilities almost a week ago. The headline should read "Blackberry Server Can't Be Hacked With Image File"

    That's right, this was discovered and fixed long before it could become a problem. That's what I expect from RIM's best-in-class security.

We want to create puppets that pull their own strings. - Ann Marion

Working...