More BlackBerry image problems: RIM warns of BES security vulnerabilities

BlackBerryIf it weren’t enough finding themselves (rather unfairly in my point of view) in the firing line regarding how the BlackBerry Messaging service (BBM) was being used by British rioters, with calls for the service to be suspended, RIM now finds itself with a different kind of BlackBerry image problem.

RIM, the firm behind the popular BlackBerry smartphone, has issued a warning that a number of vulnerabilities have been found in its enterprise software (known as BlackBerry Enterprise Server, or BES).

According to RIM, if the vulnerabilities were exploited by remote hackers they could run malicious code on the BlackBerry Enterprise Server run by many firms.

Specificially, the problem is with the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent, and how they process PNG and TIFF images for rendering on the BlackBerry handheld devices.

Sign up to our free newsletter.
Security news, advice, and tips.

In this particular case, the threat is that BlackBerry users could be tricked into clicking on a link or visit a boobytrapped webpage, taking them to a malformed image file.

It’s important to underline that these are not vulnerabilities in the BlackBerry smartphones themselves. Like other BlackBerry-related vulnerabilities we’ve seen in the past, the potential attack is against the BlackBerry Enterprise Server used by businesses.

The risk is that by exploiting the flaw, hackers might be able to plant malicious code on your BlackBerry Enterprise Server that opens a backdoor for remote access.

Depending on how your network infrastructure is set up – intruders might be able to see into other parts of your network and steal information.

Alternatively, the hackers’ code might cause your systems to crash – perhaps interrupting communications.

RIM has issued updates that resolve the vulnerabilities in versions of the BlackBerry Enterprise Server and the BlackBerry Enterprise Server Express. You can find out more on their website.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.