•  

Insecurities in blackberry

A session at CONFidence 2013

Wednesday 29th May, 2013

3:00pm to 3:50pm (WMT)

This paper proposes a new security research covers BlackBerry issues relating their own features relied on highest possible way of integration and aggregation with data, service and application that simplifies management. Such way integration shapes developer’s outlook as well as malware writer’s outlook led to the bypass security methods. Despite of that, BlackBerry is full of holes to the brim if consumer has a flexible IT Policy even because current security techniques implemented in BIS (BlackBerry Internet Service) or BES (BlackBerry Enterprise Server) are indecisive argument to be sure in security and privacy and do not provide enough control. As opposite to smartphone, the tablets (PlayBook) are quite new, QNX-based and have the most known technologies, such Adobe Air, HTML5, and Android Dalvik-Runtime, are implemented widely. However, they have a poor application environment and a little those feature known on non-QNX BlackBerry device. This makes security more difficult and unstable to reliably use it by end-users. Research shows that additional third party security solutions often ruin security while native environment allows intercepting, blocking, stealing, misleading, substitute data in real-time bypassing security controls that, finally, reveal sensitive information and turn security solutions to the malware agents. The non-malware applications may use rootkit techniques, e.g. firewall hooks API to watch any incoming or outgoing network traffic. The legitimizing effect of commercial “malware” software led away from user-mode towards the kernel-mode techniques at first glance. However, user-mode rootkits or spyware are still effective to bypass security applications because they have simple APIs calling kernel methods. This research examines and highlights a range of issues referred to the incorrect approach to the security techniques development. It draws security management level of inefficiency outside isolated environment as well as old-attack techniques possibility of application for new BlackBerry device known as Playbook. The research presents pressing issues for fundamental and application BlackBerry security cases, exploitation of native applications built in OS. In additional, third-party security applications are going to be examined for security holes and misunderstanding BlackBerry security concepts.

About the speaker

This person is speaking at this event.
Yury Chemerkin

Experienced in Reverse Engineering, Software Programming, Cyber & Mobile Security Researching, Documentation, Cloud Security, Security Writing

Sign in to add slides, notes or videos to this session

CONFidence 2013

Poland Poland, Krakow

28th29th May 2013

Tell your friends!

When

Time 3:00pm3:50pm WMT

Date Wed 29th May 2013

Short URL

lanyrd.com/schqhh

View the schedule

Share

See something wrong?

Report an issue with this session