BlackBerry Enterprise Server Vulnerable to TIFF Image Based Exploit

Posted: 19/02/2013 in Blackberry, Cyber Crime, Hacking, Vulnerability
Tags: , , , , , , , ,


If you are a BlackBerry Enterprise Network user, here is something you need to be careful about. BlackBerry Enterprise Server (BES) users have been warned that an image-based exploit could allow hackers to access and execute code on the servers used to support corporate users of BlackBerry smartphones.

The flaw that been rated as high severity and actual vulnerability in BlackBerry Enterprise Servers resulted from how the server processes image files.

Scenario to Exploit Vulnerability: A malicious person writes a special code and then embeds it in a TIFF image file. The person then convinces a Blackberry smart phone user (whose phone is connected to a corporate BES) to view the TIFF file.

As soon as the image file loads on the phone, the code runs on the Blackberry Enterprise server and either opens up a back door in the network or causes the network to crash altogether as instructed in the basic code.

RIM is not aware of any attacks on or specifically targeting BlackBerry Enterprise Server customers, and recommends that affected customers update to the latest available software version to be fully protected from these vulnerabilities.” Blackberry said.

The exploit uses a TIFF image containing malicious code, and the dangerous image can either be linked to an email or attached directly to it. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

BlackBerry Enterprise Server Express version 5.0.4 and earlier for Microsoft Exchange and IBM Lotus Domino and BlackBerry Enterprise Server version 5.0.4 and earlier for Microsoft Exchange, IBM Lotus Domino and Novell Groupwise are affected only.

For the full RIM statement, issue and resolution visit: Knowledge Base Article BSRT-2013-003

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.