BlackBerry Enterprise Server

Over the years, BlackBerry has developed a rock-solid reputation for security, thanks in part to the BlackBerry Enterprise Server. But the unfortunate reality is that no software is infallible. BlackBerry recently discovered a BES vulnerability that could allow an attacker to gain access to, and execute code on, the server simply by sending a TIFF image to a phone linked to that server.

This vulnerability concerns the components of BES5 (and earlier) servers that process images for rendering on connected BlackBerry smartphones. Perhaps most worryingly, the phone’s user does not need to open the image, or even the message containing it. The attacker could simply send an email or instant message with the TIFF image embedded to the phone in question. Having said that, the old-fashioned method of luring the phone’s user to a website containing the image will work as well.

BlackBerry’s full description of the problem says this:

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

To exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes TIFF images, an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page. The attacker could provide the link to the user in an email or instant message.

To exploit these vulnerabilities in how the BlackBerry Messaging Agent or the BlackBerry Collaboration Service processes TIFF images, an attacker would need to embed a specially crafted TIFF image in an email message or enterprise instant message and send the message to the BlackBerry smartphone user. The user does not need to click a link or an image, or view the email message or instant message for the attack to succeed in this scenario.

Luckily, BlackBerry has not heard of any of their customers being affected by this vulnerability thus far, and they have been quick to release a new version of BlackBerry Enterprise Server to fix it. They have also released an interim security update, for customers unable to upgrade to the latest BES version, as well as a list of workarounds for customers who are unable to install said update. So, although this vulnerability isn’t the greatest news, it’s good to see BlackBerry continue to take security seriously by promptly fixing it.

Source: BlackBerry Knowledge Base