Protecting the BlackBerry smartphone and BlackBerry Enterprise Server against malware

Article ID: KB05499

Type:   Security Advisory

First Published: 03-20-07

Last Modified: 01-10-2013

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
  • BlackBerry Enterprise Server for Novell GroupWise
Collapse Products
ExpandAffected Software
  • BlackBerry® Device Software 4.0 and later
  • BlackBerry® Enterprise Server software version 4.0 and later

CollapseIssue Severity

Not applicable. This article describes a class of issue, rather than a specific issue.

 

CollapseOverview

Third-party applications that are designed to disrupt and cause damage to computer systems are collectively known as malware, and include the following types of applications:

  • Viruses replicate themselves by attaching to legitimate applications on a computer.
  • Trojan horses are disguised as, or embedded within, legitimate applications. Trojan horse applications operate by convincing the user to take some action rather than by exploiting flaws in the security design or configuration of the target computer.
  • Worms replicate themselves to spread across networks and potentially overwhelm computer systems. A worm is self-contained and does not need to be part of another program to propagate itself.
  • Spyware is designed to log user activities and personal data and send it back to the attacker.
CollapseProblem

Some malware attacks may target BlackBerry smartphones. Attackers may attempt to use malware to execute attacks that are designed to do one or more of the following:

  • steal personal and corporate data
  • create a Denial of Service (DoS) attack to make a corporate network unusable
  • access a corporate network using corporate BlackBerry smartphones
ExpandImpact

Malware attacks may be possible on any unsecured device, including a computer, smartphone, or personal data assistant (PDA).

If an organization using the BlackBerry Enterprise Solution has not set the BlackBerry Enterprise Solution security tools to control third-party applications on its BlackBerry smartphone, malware that targets BlackBerry smartphones may gain access to systems on an internal network.

Note: Some Internet coverage of malware demonstrations may inaccurately report that a malicious user can successfully initiate an attack by sending malware to a BlackBerry smartphone user using an email attachment. The BlackBerry Attachment Service is designed to prevent malicious applications from accessing data on the BlackBerry smartphone by using binary format parsing to open attachments and prepare them to be sent to the BlackBerry smartphone. The BlackBerry smartphone does not run an application sent as an attachment in an email message. Therefore, an email attachment cannot be used to successfully deliver malware applications to a BlackBerry smartphone user.

CollapseWorkaround

Whether a BlackBerry Enterprise Server administrator pushes trusted third-party applications to BlackBerry smartphones or freely permits BlackBerry smartphone users to download third-party applications, BlackBerry smartphones are designed to prevent attackers from using malware to access a corporate network and BlackBerry smartphones in the following ways:

  • When you try to download any kind of application, by default, the BlackBerry smartphone first downloads a small portion of the application to determine the hash and to verify whether the application is permitted on the BlackBerry smartphone.
  • In BlackBerry Manager, BlackBerry Enterprise Server administrators set IT policies and Application Control Policies to control the manual or automatic installation of third-party applications on BlackBerry smartphones. Administrators also use these policies to control third-party application access to their organization's BlackBerry smartphone resources and applications.
  • Administrators can also place the BlackBerry Enterprise Server in multiple network segments by installing each component on a remote computer, then placing each component in its own network segment.

Using IT policy and application control policy rules

The BlackBerry Enterprise Server provides IT policy and application control policy rules to control third-party applications using the following methods:

  • Preventing BlackBerry smartphones from downloading any third-party applications over the wireless network.
  • Either requiring or preventing the installation of specific third-party applications.
  • Controlling the permissions of third-party applications that exist on BlackBerry smartphones.

Note: By default, BlackBerry smartphones can install all third-party applications until the BlackBerry Enterprise Server administrator uses one or more of these methods to control the installation of these applications on BlackBerry smartphones.

Using segmented network architecture

Placing the BlackBerry Enterprise Solution components in a segmented network architecture is an option designed to prevent the spread of potential attacks from one BlackBerry Enterprise Solution component, which is installed on a remote computer, to another computer within a LAN. In a segmented network, attacks are isolated and contained on one computer.

CollapseAdditional Information

Using segmented network architecture

For more information about using a segmented network architecture to prevent the spread of potential malware attacks, see Placing the BlackBerry Enterprise Solution in a segmented network.

BlackBerry Security

For more information about using BlackBerry Enterprise solution tools and architecture options to control third-party application access to BlackBerry devices, see Protecting BlackBerry Smartphones Against Malware and the BlackBerry Enterprise Server Policy Reference Guide.

For more information about BlackBerry Enterprise Solution security features and an overview of the BlackBerry security architecture, see the BlackBerry Enterprise Solution Security Technical Overview.

For more information on BlackBerry security, visit www.blackberry.com/security.

CollapseChange Log

01-09-13

Updated document links

09-02-10

Updates to article formatting. No technical content changed.

11-05-09

Article updated to reformat content and generalize content for RIM's official response to malware threats.

12-09-08

Article updated due to a system upgrade that did not affect article content.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.