8

Are there any relevant resources, tools or documents about penetration testing of BlackBerry handhelds?

lisa17

3 Answers

5

I recently did a BlackBerry handheld security review and used this checklist from the DoD as my source information - http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=252

This is also a useful list of resources from RIM: http://docs.blackberry.com/en/admin/deliverables/7533/List_of_available_BB_AMT_tools_555278_11.jsp

This looked interesting to me as it is the commercial equivalent of the Autoberry Tool used by the US government - http://fixmo.com/products/sentinel. There are no prices on the site, though, and I would guess it might be pricy.

Rory Alsop
Marion McCune
4

This might be of interest to you:

http://www.defcon.org/images/defcon-14/dc-14-presentations/DC-14-X30n.pdf

This is a slide presentation from the 2006 Defcon event, where the researcher goes into detail on how an attacker might use the BlackBerry device to run proxying software, granting the attacker remote access to the company LAN (due to how BlackBerrys essentially set up a VPN connection over the Internet).

The proof of concept demonstrated includes the writing of the proxy application as well as performing a simple TCP exploit of a machine running on the LAN to allow privileged access, as well as downloading intranet web pages.

Benoit Esnard
deed02392
2

The BlackBerry browser is now based on WebKit. I would start by looking at fairly recent WebKit exploits, because you can be pretty sure that the same vulnerabilities, if present in the BlackBerry browser, will take a good while to be patched.

Here is an example of a recent BB security advisory reporting a vulnerability in WebKit: http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB30152

The BlackBerry Bold fell in the 2011 Pwn2Own competition to a WebKit vulnerability, and there was also a fairly recent root exploit in the BlackBerry PlayBook which exploited a vulnerability in its file sharing implementation.

As far as recent tools and documentation go, I don't remember seeing anything specifically on BlackBerrys, but there has been a lot of research done on mobile platforms and applications. I would look at applying some of this to the BlackBerry as a good starting point.

airloom