back to article Malicious PDFs can commandeer BlackBerry Servers, RIM warns

Attackers can commandeer your BlackBerry servers by attaching maliciously formed PDF files to emails, Research in Motion warned Tuesday. The manufacturer of the smartphone advised users to install an update that patches multiple flaws in the BlackBerry's PDF distiller. The vulnerabilities are present on a variety of servers …

COMMENTS

This topic is closed for new posts.
  1. andibaritchi
    Alert

    Can Commandeer Blackberry Enterprise Servers

    Looking at the RIM advisory, it appears the vulnerability is the Blackberry Enterprise Server (BES) itself sitting inside the enterprise network. Thus the cautionary note about network segmentation at the end...

    This is big.

    Regards,

    Andi Baritchi

    CISSP-ISSMP, CISM, CISA, PCI-QSA

  2. Gaius
    Stop

    not handhelds

    Note that this issue affects BES not your handheld.

  3. BristolBachelor Gold badge
    FAIL

    What the fsck ??

    To look at an on-screen representation of a piece of paper, you now need an over-bloated slow program with holes the size of the US budget defecit?

    I vote to ditch PDF and replace it with "e-paper". The files will be small because they only contain enough to render what would've been on the paper. The program to render will be small because all it does is display the static content contained in the "e-paper" files.

    Hell the files could even use a standard description language, like postscript...

    It's freezing outside, I'll get me coat

  4. David Cuthbert
    WTF?

    C'mon, El Reg...

    "Blackberries running Microsoft Windows 2003 or 2008?" Really, now, you think a handheld can run a server OS out of Redmond? What's next, iPhones running SQL Server?

    Go back and re-read the article. They're talking about the BlackBerry Enterprise Server, a bit of software kit installed on a corporate application server, not the handhelds themselves. It even states that device software is not affected!

    Typing this, ironically, on my Crackberry...

  5. JohnG

    Blackberry Enterprise Server

    "...Blackberries running Microsoft Windows versions 2003 or 2008"

    Just to be clear, we are not talking about the Blackberry devices but BES (Blackberry Enterprise Server). A key role of the BES is to provide VPN termination for Blackberry devices via RIM's proprietary protocol (although RIM don't use the term "VPN"). RIM insist that the BES should be placed on the inside of a corporate network, rather than in a DMZ, making it and the Blackberries that connect through it interesting targets for hackers.

    The Blackberry Router is a smokescreen as connections from RIM and Blackberry devices are terminated at the BES, not at the Router.

  6. TrevorH
    Thumb Down

    Does not affect phones,only servers

    A bit misleading, it doesn't commandeer your blackberry, it goes for the server not the phone.

  7. Jens-Fabian Goetzmann
    Stop

    Commandeer blackberries - NOT

    The tech report states that the BlackBerry smartphone software itself is NOT compromised. Only the BlackBerry Enterprise Software or "the computer that hosts the BlackBerry Attachment Service component of that BlackBerry Enterprise Server" can be compromised. Thus this is an admin-only problem, not as the article suggest one that could affect each BlackBerry user.

  8. Anon
    FAIL

    Fact omission

    Well, that surprised me, I didn't know BlackBerrys ran Windows Server 2008.

  9. Anonymous Coward
    Paris Hilton

    It's Panto time!

    "Patch available"...

    Oh, no, it isn't!

    If you follow the link to the download page for Blackberry Pro 4.1, the most recent update on there is 4, dated May '09. It's update 5 which fixes this, allegedly...

  10. Anonymous Coward
    FAIL

    Fix for Bold ?

    RIM,

    try making your hopeless phones work in the first place, constant 3G SOS problems, lock-ups and general other weirdness. As soon as my contracts up it's over to android. Sorry for the off topic rant folks but these people make a 70s alfa romeo look reliable.

    1. Jess

      3G SOS?

      Is this a known issue? - I had just thought it was typical poor Orange coverage and switched the phone to 2G only.

      1. Anonymous Coward
        Anonymous Coward

        RE : 3G SOS

        Yep, just Google it, don't bother with Bing as it can't find it's own arse using both hands and a torch

This topic is closed for new posts.

Other stories you might like