Blackberries Vulnerable to Malicious E-Mail Attacks, Vendor Warns

Blackberry handheld communication devices can be just as vulnerable as desktop and laptop computers to certain malicious e-mail attacks.

One of the largest makers of Blackberry, devices Research in Motion of Waterloo, Ontario, Canada, is warning its customers that their popular handheld devices could lose their ability to view attachments if a certain type of malicious e-mail image is opened on them. In a positing on the customer support web site, the company says a flaw in the design of its Blackberry Enterprise edition makes the device vulnerable to attacks by specially crafted Tagged Image File Format (TIFF) images.

The company said that it has already developed a remedy for the problem and will make the upgrade available to users as soon as it completes testing of it. In the meantime, Research in Motion is warning users to not open any TIFF images in their Blackberry’s attachment services or to disable the attachment services altogether. Disabling the services may be required, the company says, because even though an e-mailed TIFF extension has been removed from the list of supported file types, the service may automatically detect a TIFF file with a renamed extension and attempt to process the file.

The Web site link explains the issue in more detail and provides detailed directions on how to disable the attachment services. The site also features a link to the United States Computer Services Readiness Team’s Web site, where there is additional information on how personal and business users of mobile devices can protect themselves from viruses, worms and identity theft.

While opening a malicious TIFF will kill the Blackberry’s ability to display a view of attachments, the attack does not impact the devices’ other services, such as sending and receiving messages, making phone calls, browsing the Internet, and accessing corporate networks.
~JC


Already a member? log in here.

Editor's Choice

Upcoming CPE Webinars

Nov 24This webcast presents basic principles of revenue recognition, including new ASU 2014-09 for the contract method. Also, CPAs in industries who want a refresher on revenue accounting standards will benefit.
Dec 3The materials discuss the concepts and principles in the AICPA’s new special purpose framework.
Dec 9A key component to improving your firm’s workflow efficiency while enhancing your profitability at the same time is how you leverage emerging technologies.
Dec 9Kristen Rampe will cover how to diffuse the tension in challenging situations in this one-hour webinar.