Hackers Find Security Hole In BlackBerry Enterprise Server
Research In Motion says it's developed fixes for the vulnerability and can recommend temporary precautions until customers are able to update their software.
Research In Motion's BlackBerry Enterprise Server product may be vulnerable to denial-of-service attacks, according to a group of German hackers, called Phenoelit, that identifies security flaws.
Phenoelit found a problem in the way the server's BlackBerry Router handles Server Routing Protocol packets. An attacker could cause denial of service by sending "specially crafted" packets to the router, according to a vulnerability note posted on the U.S. Computer Emergency Readiness Team's Web site. The result could be disrupted communications between the BlackBerry Enterprise Server and BlackBerry devices, the note states.
In a prepared statement, Research In Motion said it "has already developed software fixes for the issues identified by [the group] and although there have been no customer reports of any actual problems, RIM has also provided temporary precautionary measures that can be taken in the mean time until customers are able to implement the software updates."
RIM asks companies to make sure their BlackBerry Enterprise Server and BlackBerry Router are located behind the corporate firewall. RIM calls it an "internal-only vulnerability" that can be caused by an inside attacker.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.