Session G5 Blackberry Security. © 2007 Aon Consulting Blackberry Security Session G5 George G. McBride Tuesday 20 March 2007 3:30 PM to 5:00 PM.


1 Session G5 Blackberry Security

2 © 2007 Aon Consulting Blackberry Security Session G5 George G. McBride Tuesday 20 March 2007 3:30 PM to 5:00 PM

3 Welcome!

4 Introduction
- Security at the device
- Security at the server
- Security in transit
- Precautions and controls
- Assessing and Auditing Security
- Conclusion and Wrap-Up

5 Why are we here?

6 And Because:
- Around 3 million shipped in 2006
- More than 7 million subscribers today
- It weighs 4.6 ounces
- Hundreds are lost daily in the US
- We often synchronize our e-mails, contacts, calendars, and tasks list
- Access to applications puts more data on the devices

7 Typical Blackberry Infrastructure [diagram labels: BES, Corporate Intranet]

8 Typical Blackberry Infrastructure [diagram labels: BES, srp.na.blackberry.net or srp.xx.blackberry.net, Blackberry Network, Corporate Intranet, Service Provider Network]

9 Blackberry Infrastructure Components. This diagram excerpted from: Blackberry Enterprise Server for Microsoft Exchange Version 4.0 Feature and Technical Overview © 2004 Research In Motion Limited

10 Blackberry Infrastructure Components
- Blackberry Router – Connects the BB Infrastructure to users' computers running Desktop Manager
- Messaging Server – Your MS Exchange or Lotus Notes server
- Blackberry Dispatcher – Encrypts / decrypts and compresses / decompresses messages to and from the devices and the BB infrastructure

11 Blackberry Infrastructure Components
- Attachment Service – Manages and optimizes attachments on the device
- Mobile Data Service – Conduit between the device and the Application and Content Servers
- Configuration Database – Maintains all configuration data for the BES components, BB users, and the devices

12 Blackberry Infrastructure Components
- Messaging Agent – Scans for or is notified of new messages and sends them to the Blackberry Dispatcher
- Synchronization Service – Allows Memo, Notes, Address Book, and Tasks to be wirelessly synchronized through the dispatcher

13 Blackberry Infrastructure Components – Last One!
- Blackberry Controller – Monitors and manages the messaging agent and the dispatcher. Restarts and throttles them as required and provides statistics
- Policy Service – Maintains and serves as an administrative interface to the various policies and provisioning functions

14 Typical E-Mail Flow - Sending
- Alice sends a message to Bob
- The Blackberry device compresses and encrypts the message
  - The designated BES server address information is part of the message header information
- Through the Blackberry Infrastructure, the message is delivered over SRP to Alice's corporate BES server
- The BES receives the message
- The BES decompresses and decrypts the message
- The BES delivers the message to the user's mailbox

15 Typical E-Mail Flow - Receiving
- Alice has sent a message to Bob
- Bob's e-mail server receives the message and notifies the BES
  - Message may be retrieved via Desktop
- The BES retrieves the message
- The BES retrieves the user preferences
- The BES compresses and encrypts the message
- The BES places the message in the outgoing queue
- The message is delivered via SRP to the wireless network
- Bob's Blackberry receives the message and decompresses and decrypts it

16 "Pin" Messaging
- Encrypted with Triple DES
  - Every Blackberry uses the same peer to peer encryption key
- Can generate a corporate encryption key and distribute it to all corporate devices through a policy
- "Scrambled" – not encrypted
- Ideal for use during a catastrophic failure

17 Short Message Service (SMS)
- Remember the old days where a cool game we downloaded surreptitiously dialed Madagascar or Andorra?
- How about a program that does that for "Premium" SMS messages?
  - If the application is signed, you'll never know
  - If the application is not signed, you'll only know about the first one

18 Device Security
- Focus on BlackBerry devices manufactured by Research In Motion
- Most of this presentation also applies to devices with "Blackberry Push" technology
- Some of the presentation applies to Smartphones and PDAs as well

19 Back-ups are good!
- Generated from the desktop software
- Can be automated
- Restore to alternate device
- Includes configuration information
- Includes data (not media card)
- Plaintext!

20 Where are the Security Options?

21 The Magic Screen
- Password can be 4-14 characters with minimal complexity checking
- 1 minute to 1 hour timeout
- Can automatically lock handheld when holstered
- Content Compression:
  - Not "Security" – compresses data

22 Content Protection
- E-Mail, Calendar, MemoPad, Tasks, Contacts, Browser (cache, saved pages), and Auto-text (corrections) are protected
- Can be used by 3rd party developers
- Uses a combination of AES and ECC to encrypt the data
- Encryption keys are not part of the BB back-up solution
- Back-ups are not afforded the same level of protection

23 SmartCard
- Something you have and something you know
- Uses AES over Bluetooth
- Can protect your Blackberry and your computer
- Power level adjustable
- Keys stored in RAM

24 Bluetooth Security
- Bluetooth is disabled by default
- Can be managed centrally by policy
  - Connections to other Bluetooth devices
  - Connections to Bluetooth handsfree devices
- Bluetooth Object Exchange (OBEX) disabled
- Watch "Discoverable Mode"
- Can utilize Desktop Manager over Bluetooth

25 Applications on your device
- Application signing is required for complete access to the Blackberry API
- According to RIM, the $100 required fee is used to verify your identity
- Allocated per development environment
- Hash (SHA-1) sent to RIM to obtain a signature, which is appended to the application

26 Lost Your Blackberry?
- Set a Password and Lock Handheld
  - Creates a new password and immediately locks the handheld
  - You risk the loss of your contents if Content Protection is enabled
- Erase Data and Disable Handheld
- Secure Wipe Delay After IT Policy Received and Secure Wipe Delay After Lock
  - Time in hours after IT policy updates or IT Admin commands, or after the device is locked
- Secure Wipe if Low Battery – Why?

27 Device Wiping
- Three ways to wipe the device:
  - By command at the BES or pre-defined policy from the BES
  - By default, after 10 unsuccessful password attempts. Can be changed by policy
    - You get 5 attempts, then have to type "blackberry", and then you get 5 more
  - User chooses to "Wipe Device"

28 Doing It Yourself

29 Wiping aka Memory Scrub
- Wireless disabled
- "Device Under Attack" flag is set – in case of power interruption!
- Flash Memory (Persistent Store) is deleted
- RAM heap is overwritten in 8 passes, with each bit changing 4 times
- Flash memory file system is overwritten in 8 passes, with each bit changing at least twice
- Password is cleared
- Data space in RAM is cleared 4 times
- Handheld is restarted
- Compliant with DoD and NIST requirements
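The overwrite claims on this slide (8 passes with each bit changing 4 times for the RAM heap, at least twice for the flash file system) can be checked mechanically against any proposed sequence of pass patterns. The Python below is an added example, not RIM's code and not taken from the presentation; the pass patterns are constructed for illustration, since the slide does not give RIM's actual patterns.

```python
# Added example: verify that a sequence of overwrite passes flips every bit
# the required number of times. The pass patterns are constructed for
# illustration and are not RIM's actual scrub patterns.

RAM_PATTERNS = [0x00, 0xFF, 0x55, 0xAA, 0x33, 0xCC, 0x0F, 0xF0]    # constructed
FLASH_PATTERNS = [0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF]  # constructed


def count_bit_flips(patterns):
    """Per bit position 0..7, count how often the written value changes
    between consecutive passes. The first pass is not counted as a flip
    because the memory's prior content is unknown."""
    flips = [0] * 8
    for prev, cur in zip(patterns, patterns[1:]):
        changed = prev ^ cur            # bits that differ between the two passes
        for bit in range(8):
            if (changed >> bit) & 1:
                flips[bit] += 1
    return flips


def meets_requirement(patterns, passes, min_flips_per_bit):
    """True if the sequence has exactly `passes` passes and every bit
    position changes at least `min_flips_per_bit` times."""
    if len(patterns) != passes:
        return False
    return min(count_bit_flips(patterns)) >= min_flips_per_bit


def scrub(buffer, patterns):
    """Overwrite `buffer` (a bytearray) in place with each pass pattern in
    turn; returns the number of passes applied."""
    for pattern in patterns:
        for i in range(len(buffer)):
            buffer[i] = pattern
    return len(patterns)


def scrub_copy(data, patterns):
    """Scrub a copy of `data` and return the resulting bytes (for inspection)."""
    buf = bytearray(data)
    scrub(buf, patterns)
    return bytes(buf)


if __name__ == "__main__":
    print("RAM flips per bit:", count_bit_flips(RAM_PATTERNS))
    print("RAM sequence meets 8 passes / 4 flips:", meets_requirement(RAM_PATTERNS, 8, 4))
    print("Flash sequence meets 8 passes / 2 flips:", meets_requirement(FLASH_PATTERNS, 8, 2))
    print("Scrubbed buffer:", scrub_copy(b"contacts and mail", RAM_PATTERNS).hex())
```

The check counts transitions between passes rather than trusting the pass count: a sequence that writes the same pattern eight times passes none of the bit-change requirements, which is exactly the kind of defect a sanitization review should catch.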

30 Simple Defeat
- Made of a nickel, copper, silver plated nylon plain woven fabric
- http://www.paraben-forensics.com
- Works like a charm
- Also great for quiet evenings!

31 Blackberry Forensics. Screenshot courtesy of: Paraben's PDA Seizure Software ©2006

32 Paraben's PDA Seizure Software Main Screen

33 Paraben's PDA Seizure Software File View. Note: Device has "Content Protection" enabled, but has been unlocked!

34 Coming Soon?

35 Connection to the outside
- From the Enterprise (BES) to the Research In Motion infrastructure:
  - Utilizes SRP
  - From the BES to a RIM designated end point
  - TCP Port 3101
  - Needs a hole in the firewall for TCP Port 3101

36 SRP
- Keys and configuration information maintained in the Configuration DB
- If a BES uses the same unique SRP authentication key and SRP ID (both provided by RIM) more than 5 times in one minute, the SRP ID is disabled
- Uses bi-directional hashing to authenticate the BES and the RIM infrastructure to each other
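The disable rule on this slide (the same SRP authentication key and SRP ID used more than 5 times in one minute disables the ID) is a sliding-window limiter. The Python below is an added example that models that rule so an administrator can see how a duplicated or misbehaving BES trips it; it is not RIM's implementation, and the exact window semantics, the placeholder SRP ID and the placeholder key are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60          # "in one minute"
MAX_USES_PER_WINDOW = 5      # "more than 5 times" disables the ID


class SrpAuthLimiter:
    """Model of the SRP rule on the slide: each authentication with a given
    (SRP ID, SRP key) pair is recorded; once the pair is used more than
    MAX_USES_PER_WINDOW times within WINDOW_SECONDS the SRP ID is disabled
    and stays disabled. Added example; the real RIM mechanism is not public
    and this window behaviour is an assumption."""

    def __init__(self):
        self._uses = defaultdict(deque)   # (srp_id, key) -> recent timestamps
        self.disabled = set()             # SRP IDs that have been disabled

    def authenticate(self, srp_id, key, timestamp):
        """Record one authentication at `timestamp` (seconds).
        Returns 'ok', or 'disabled' if the ID is or has just become disabled."""
        if srp_id in self.disabled:
            return "disabled"
        recent = self._uses[(srp_id, key)]
        recent.append(timestamp)
        # Forget uses that fall outside the one-minute window.
        while recent and timestamp - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        if len(recent) > MAX_USES_PER_WINDOW:
            self.disabled.add(srp_id)
            return "disabled"
        return "ok"


def simulate(events):
    """Run (srp_id, key, timestamp) events through a fresh limiter and
    return the per-event result."""
    limiter = SrpAuthLimiter()
    return [limiter.authenticate(i, k, t) for i, k, t in events]


def is_disabled_after(events, srp_id):
    """True if `srp_id` is disabled once all `events` have been processed."""
    limiter = SrpAuthLimiter()
    for i, k, t in events:
        limiter.authenticate(i, k, t)
    return srp_id in limiter.disabled


# Constructed samples; the SRP ID and key are placeholders, not real credentials.
SRP_ID = "S00000001"
SRP_KEY = "srp-key-placeholder"
# One BES reconnecting roughly once a minute: never more than 5 uses per window.
STEADY_BES = [(SRP_ID, SRP_KEY, t) for t in range(0, 360, 70)]
# Two installations sharing one set of credentials: six uses in 50 seconds.
DUPLICATE_BES = [(SRP_ID, SRP_KEY, t) for t in range(0, 60, 10)]

if __name__ == "__main__":
    print("steady   :", simulate(STEADY_BES))
    print("duplicate:", simulate(DUPLICATE_BES))
```

The operational lesson is that the disable is permanent until RIM re-enables the ID, so a second BES brought up with production SRP credentials (for testing, or from a restored image) takes the production BES offline as well; the limiter above makes that failure visible before it happens in production.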

37 Increasing Messaging Security
- PGP support available through the PGP Support Package
  - Package provides tools to manage keys
- PGP Universal Server enforces administrator policies and key management
  - Integrates with LDAP infrastructure
- Users can encrypt, decrypt, and digitally sign messages
- Encrypted twice!

38 S/MIME Too!
- S/MIME Support Package supports users who already utilize S/MIME on the computer
  - Package supports certificate and private key management
- Integrates with PKI infrastructure
- Encrypted twice!

39 Communications Infrastructure
- MDS:
  - Mobile Data System
  - Provides access to custom applications within the corporate network
  - By design, MDS bypasses the firewall
  - Works for signed and unsigned applications
[diagram labels: BES, Corporate Intranet, MDS Applications]

40 MDS – The Good Stuff
- Formerly known as IP Proxy
- Uses an AES session key, with a 1024 bit RSA key to exchange keys between the Blackberry and the MDS Services server
  - Standard Blackberry encryption to the device
- Proxy mode: TLS/SSL (HTTPS) between the MDS Services server and the application, and standard BB encryption out to the device
- Handheld mode: TLS/SSL (HTTPS) between the device and the content server
  - When you "trust" the end-points

41 MDS – The Bad
- A hacker could develop an application that collects information and then sends it to them
  - a signed application would be quite stealthy
- Or an application could connect to the hacker, just like a remote back-door
- How about a port scanner to determine what services are running?
- Accessing a device's GPS data?

42 The Proof…BBProxy
- Also known as "Blackjacking"
- BBProxy created by Jesse D'Aguanno
  - Demonstrated at DefCon 2006
- A rogue application could establish an outbound connection to a hacker controlled system
- And utilize MDS to connect to a trusted internal system or perhaps to another external machine the bad guy wants to "own"

43 BBProxy
- Enhanced Metasploit to utilize the BB proxied connection
  - Metasploit: "open-source platform for developing, testing, and using exploit code". See http://www.metasploit.com
- Code may be available on the Praetorian Global web-site (see resources)
- Slides definitely are available

44 Server / Protocol Vulnerabilities
- Common Vulnerability Database
- Lists 7 vulnerabilities
- Some require IP access to the server
- Some are from just sending a message

45 Blackberry Vulnerabilities
- SecurityFocus™ maintains BugTraq, a mailing list of all things vulnerable
- Blackberry maintains an IT Edition Blackberry Connection newsletter
- Mitre maintains the Common Vulnerabilities and Exposures DB
- United States Computer Emergency Readiness Team (CERT) maintains a DB

46 You Can Protect the Infrastructure
- Controls at the user level
- Controls at the network level
- Controls at the handheld

47 Recommended Controls – Handheld
- Security at the handheld:
  - Passwords turned on
  - Automatic locking
  - Content Protection enabled
- Do not download or install untrusted applications (signed is not trusted!)

48 Recommended Controls – Network
- Segmentation
  - Segment the BES in a DMZ to limit exposure
  - Consider the MDS back-end applications in a DMZ as well
- Firewall control and monitoring
  - It's tough monitoring SSL inbound traffic!

49 Recommended Controls – Users
- Educate them why the controls are important
  - Why they are responsible and accountable
  - Why the password shouldn't be the phone number
- Recognize the question – "Allow an external Connection"
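Slide 21 notes that the device accepts 4-14 character passwords with only minimal complexity checking, and this slide asks users not to use their phone number. The Python below is an added example, not from the presentation or from RIM, of the kind of check an administrator could run on proposed passwords before a device is provisioned; the rules beyond the 4-14 length limit, the common-password list and the sample phone number are this example's assumptions.

```python
import re

MIN_LEN, MAX_LEN = 4, 14                  # device limits quoted on slide 21
# Constructed list; a real deployment would use a much larger one.
COMMON_PASSWORDS = {"password", "blackberry", "1234", "0000", "1111"}


def _digits(text):
    """Keep only the digits of a string (phone numbers arrive in many formats)."""
    return re.sub(r"\D", "", text)


def _is_run(text):
    """True for strictly ascending or descending character sequences such as
    '1234' or 'dcba'."""
    if len(text) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return steps == {1} or steps == {-1}


def check_password(password, phone_number=None):
    """Return the list of policy violations for `password` (empty = accept).
    Length is the device's own limit; the remaining checks are this
    example's assumptions about what 'minimal complexity checking' should
    be tightened to."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if password.isdigit():
        problems.append("digits only")
    if len(set(password)) == 1:
        problems.append("single repeated character")
    if _is_run(password):
        problems.append("sequential characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if phone_number:
        pw_digits = _digits(password)
        # Four or more consecutive digits of the user's own number is a giveaway.
        if len(pw_digits) >= 4 and pw_digits in _digits(phone_number):
            problems.append("derived from phone number")
    return problems


# Constructed phone number for the sample; not a real subscriber.
SAMPLE_PHONE = "+1.555.010.0199"

if __name__ == "__main__":
    for candidate in ("Rasp!berry7", "1234", "5550100199", "0199", "blackberry"):
        print(f"{candidate!r:14} -> {check_password(candidate, SAMPLE_PHONE) or 'accepted'}")
```

Because the device itself enforces little beyond length, a check like this belongs at provisioning time, where the administrator still controls the outcome; the slide's own advice is to enforce via policy rather than rely on the user.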

50 Recommended Controls
- Conduct an assessment based on your infrastructure and your implementation.
- Publicly available assessments:
  - @Stake (now Symantec) conducted an assessment in 2003
  - Fraunhofer conducted an assessment in 2006
  - Neither uncovered significant vulnerabilities

51 And with any control…
- Why leave it to the user?
- Enforce via policy
- Trust, but verify.

52 Assessments - Policy
- Review the usage policy including:
  - Provisioning
  - Account Management
  - Decommissioning: employee terminations and remote wiping
  - Monitoring of traffic and usage
  - Acceptable use
  - Do the employees know what is expected of them?

53 Assessments – Review BES Policies
- Are passwords and device locks enabled?
- Is application download disabled?
- Has the remote wipe feature been tested?
- Does the BES policy reflect your corporate policy?
  - Some companies utilize the "Owner" screen (what you see before you type your password) to display a corporate monitoring / usage policy

54 Assessments - Infrastructure
- Review firewall rules
- Network segmentation
- Are the MDS applications and data adequately protected and encrypted?
- Is the Configuration DB secured?
- How about the Exchange servers?
- Software updates and patches?
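Slide 35 describes the one firewall opening the BES needs (outbound TCP 3101 from the BES to a RIM designated SRP end point, named on slide 8 as srp.na.blackberry.net or a regional srp.xx.blackberry.net), and this slide asks the assessor to review the firewall rules. The Python below is an added example, not from the presentation, of auditing a rule table against that single requirement; the rule representation, the host names and the sample rules are constructed.

```python
from dataclasses import dataclass

SRP_PORT = 3101
# RIM SRP end points from slide 8; only the North American name is given
# explicitly there, other regions follow the srp.xx.blackberry.net pattern.
RIM_SRP_ENDPOINTS = {"srp.na.blackberry.net"}


@dataclass(frozen=True)
class Rule:
    """One simplified firewall rule (constructed representation)."""
    action: str      # "allow" or "deny"
    direction: str   # "out": inside -> Internet, "in": Internet -> inside
    src: str         # host, network or "any"
    dst: str         # host, network or "any"
    proto: str       # "tcp", "udp" or "any"
    port: object     # destination port as an int, or "any"


def audit_srp_rules(rules, bes_hosts):
    """Return (rule_index, finding) pairs for allow rules that open TCP 3101
    more widely than the BES-to-RIM SRP connection requires."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule.action != "allow" or rule.proto not in ("tcp", "any"):
            continue
        if rule.port not in (SRP_PORT, "any"):
            continue                     # rule does not touch the SRP port
        if rule.direction == "in":
            findings.append((idx, "inbound TCP 3101 allowed; SRP is initiated by the "
                                  "BES, so only an outbound rule is needed"))
            continue
        if rule.src not in bes_hosts:
            findings.append((idx, f"source {rule.src} is not a BES host; "
                                  "limit 3101 egress to the BES"))
        if rule.dst not in RIM_SRP_ENDPOINTS:
            findings.append((idx, f"destination {rule.dst} is not a RIM SRP end point"))
        if rule.port == "any":
            findings.append((idx, "all ports allowed; limit the BES egress rule to TCP 3101"))
    return findings


# Constructed sample rule table; host names and networks are placeholders.
BES_HOSTS = {"bes01.dmz.example"}
SAMPLE_RULES = [
    Rule("allow", "out", "bes01.dmz.example", "srp.na.blackberry.net", "tcp", 3101),  # as required
    Rule("allow", "out", "10.0.0.0/8", "any", "tcp", 3101),                           # whole intranet
    Rule("allow", "in", "any", "bes01.dmz.example", "tcp", 3101),                     # unneeded inbound
    Rule("allow", "out", "bes01.dmz.example", "any", "tcp", "any"),                   # BES to anywhere
    Rule("deny", "in", "any", "any", "any", "any"),                                    # default deny
]

if __name__ == "__main__":
    for idx, finding in audit_srp_rules(SAMPLE_RULES, BES_HOSTS):
        print(f"rule {idx}: {finding}")
```

The same table can be extended with the DMZ placement from slide 48 (the BES and the MDS back-end applications each in their own segment) by adding the allowed segment pairs as further expectations; the point of the audit is that every allow rule touching the SRP port is explained by the BES requirement and nothing else.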

55 Resources
- http://oppitronic.de/pb/ (BB Screenshots)
- http://blackberryforums.pinstack.com/
- http://www.bbhub.com/
- http://na.blackberry.com/eng/ataglance/security/
- http://www.praetoriang.net/ (BBProxy)

56 Summary
- The "user" experience is a very simplified one. The administrator's is not.
- You can provide a solid security infrastructure for Blackberry devices by reducing a number of risks very easily
- The solution is not just at the handheld
- Resources abound and solutions continue to be developed
- Is it time for a thorough assessment?

57 Contact Information
George G. McBride, Director
Financial Advisory and Litigation Consulting Services
Aon Consulting, Inc.
1 Industrial Way West, Bldg B
Eatontown, NJ 07724
Office: +1.732.389.8944
Mobile: +1.732.429.0676
george_mcbride@aon.com
www.aon.com

