A BlackBerry handheld device keeps a user constantly connected to a corporate Local Area Network (LAN), giving that user access
to email, phone, Internet, instant messaging, and other devices. A remote malicious user can exploit the device's LAN connection so
that the device functions as a proxy server.
This vulnerability can be exploited through an outbound socket connection from the BlackBerry device to a host on the Internet controlled by the remote user.
A subsequent socket connection to a second host (including internal hosts) is then initiated. The BlackBerry then proxies all data between the two hosts, enabling
the remote user to communicate directly with any port on an internal host from an external host.
Note that, in all probability, the remote user will subvert BlackBerry's Intrusion Detection Systems (IDS) to prevent detection of the
proxy server activity.
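The connection order described above (an outbound connection to an Internet host, then a second connection to an internal host while the first is still open) can be looked for in flow records. The following is an added example, not part of the original advisory or of any RIM material; the record layout, the 10.0.0.0/8 internal range, the sample addresses and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: address space treated as "internal" (constructed for this example).
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed flow records: (source, destination, dest port, start s, end s).
# 10.20.0.x stands in for addresses from which handheld connections originate.
SAMPLE_FLOWS = [
    ("10.20.0.5", "203.0.113.9", 443, 100, 900),    # long outbound session
    ("10.20.0.5", "10.1.1.25", 445, 130, 400),      # internal, opened during it
    ("10.20.0.5", "10.1.1.30", 3389, 410, 880),     # internal, opened during it
    ("10.20.0.6", "198.51.100.7", 443, 100, 160),   # outbound only
    ("10.20.0.7", "192.0.2.44", 443, 100, 200),     # outbound ...
    ("10.20.0.7", "10.1.1.10", 25, 300, 320),       # ... internal later, no overlap
]

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_relay_candidates(flows):
    """Return (source, external host, internal host, internal port) tuples where
    an internal connection was opened while an outbound Internet connection
    from the same source was still active."""
    by_src = defaultdict(lambda: {"ext": [], "int": []})
    for src, dst, dport, start, end in flows:
        kind = "int" if is_internal(dst) else "ext"
        by_src[src][kind].append((dst, dport, start, end))

    hits = []
    for src, grp in by_src.items():
        for e_dst, _e_port, e_start, e_end in grp["ext"]:
            for i_dst, i_port, i_start, _i_end in grp["int"]:
                # Order matters: outbound first, internal opened during it.
                if e_start <= i_start <= e_end:
                    hits.append((src, e_dst, i_dst, i_port))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_relay_candidates(SAMPLE_FLOWS):
        print("relay pattern: %s  external=%s  internal=%s:%d" % hit)
```

A match is only a candidate for review: a device that legitimately browses the Internet while reading internal mail produces the same overlap, so the internal destinations and ports involved matter more than the overlap itself.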
A remote user who successfully exploits a BlackBerry can do any of the following:
Talk to hosts behind the LAN firewall
Attack hosts
Undermine IDS or data logging
Use malware (usually a Trojan) to use the device's APIs
Workaround Fixes:
The manufacturer of the BlackBerry, Research In Motion Limited (RIM), has posted the following documents to address this vulnerability: