The BBProxy attack, demonstrated by security specialist Jesse D'Aguanno, opens a back channel bypassing the organisation's gateway security mechanisms between the hacker and the inside of the victim's network.
"The scenario depicted makes several reaching assumptions about a BlackBerry Enterprise Server deployment," said RIM in a statement.
The attack is only possible if the built-in security policies of the BlackBerry Enterprise Server are not enabled, the company claimed.
"The ability to load and run any third-party software on a BlackBerry device is controlled by an IT policy setting on the BlackBerry Enterprise Server, which would have to be allowed by the administrator," said RIM.
"Furthermore, the ability for a third-party application to make an external connection from a BlackBerry device is also controlled by an IT policy setting in BlackBerry Enterprise Server and would have to be allowed by the administrator.
"In addition, the ability for the BlackBerry Mobile Data System to have access to systems on an internal network is also controlled by an IT policy setting in BlackBerry Enterprise Server, which would also have to be allowed by the administrator."
RIM also stated that it would not be possible to infect a handheld by emailing the malware to an unsuspecting user as an attachment, since the BlackBerry Enterprise Server does not allow users to download attachments to the device.
The company has published two PDF documents outlining the security measures users should take:
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
