[Dshield] Thoughts on Blackberry Security?

Wayne Beckham securityguy at dslextreme.com
Wed Oct 6 18:11:32 GMT 2004


It seems the latest trend is for everyone to buy a blackberry and use it for
accessing corporate email.  I'm researching the security of such devices.
>From what I read on the net, RIM uses a blackberry enterprise server
(required) to encrypt corporate email through the firewall, where's it
decrypted on the local device.  So far so good.  But is it really end-to-end
encrypted?  

Many of my users don't have the BB secure server - they're just setting up a
rule that forwards their email to their blackberry account.  SOOOOO, their
email, is being sent clear text.  Problem #2 - I read else where that a
blackberry has no passwords, local data encryption, etc., and a stolen
blackberry is a thief's dream.  

I'm just starting to figure this out and I don't have a blackberry to
experiment with.  I'd appreciate anyone else's insight on such practices.  

- Wayne





More information about the list mailing list