BBC features a security module that, if configured and activated,
locks the device after a specific amount of time.
In a corporate environment this is usually set up by a security
policy which is pushed to the device via Blackberry Enterprise Server (BES).
If the device is locked the user has to enter a password to unlock the device again.
There are two ways a user can compromise the security provided by the BBC security service.
WAP Push SI (Service Indication) and SL (Service Load) messages are so-called "Service SMS".
Operators use these messages to notify the user about software updates or to deploy
them directly. Microsoft implemented a security policy to ensure that such messages
are accepted only from trusted originators. This policy is defined in the device registry.
If improper settings are applied to this policy, attackers can send malicious content
to the device, which then displays or executes the content immediately.
This leaves the device open to further attack scenarios.
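The following is an added illustration of the policy check described above; it is not code from the original paper or from the Windows Mobile platform. It models the decision a device makes for an incoming SI or SL message under a trusted-originators-only policy versus a permissive one. The policy names, the `TRUSTED_ORIGINATORS` set and the plain-XML form of the SI/SL payload (normally WBXML on the wire) are assumptions made for the example; the element and attribute names follow the WAP Forum SI/SL specifications.

```python
"""Model of a WAP Push SI/SL acceptance policy (added example; policy values,
originator names and message format are constructed assumptions, not the
real Windows Mobile registry layout)."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed policy values: from whom the device accepts SI/SL messages.
ACCEPT_TRUSTED_ONLY = "trusted_only"   # the intended, safe setting
ACCEPT_ANY = "any"                     # the improper setting discussed above

# Constructed set of operator originators the device trusts.
TRUSTED_ORIGINATORS = {"operator-push.example"}


@dataclass
class PushMessage:
    kind: str        # "SI" or "SL"
    originator: str  # sender identity as seen by the WAP stack (assumed field)
    body: str        # SI/SL payload in its XML form


def parse_push(body, kind):
    """Return (href, action) from an SI or SL body; raise ValueError if malformed."""
    root = ET.fromstring(body)
    if kind == "SI":
        ind = root.find("indication")
        if root.tag != "si" or ind is None:
            raise ValueError("malformed SI")
        # SI actions: signal-none/low/medium/high, delete (default signal-medium)
        return ind.get("href", ""), ind.get("action", "signal-medium")
    if kind == "SL":
        if root.tag != "sl":
            raise ValueError("malformed SL")
        # SL actions: execute-low, execute-high, cache (default execute-low)
        return root.get("href", ""), root.get("action", "execute-low")
    raise ValueError("unknown message kind")


def evaluate(msg, policy):
    """Decide how the device handles a push message under the given policy.

    Returns 'drop', 'display' (SI shown to the user) or 'execute' (SL content
    loaded without user interaction).
    """
    try:
        href, action = parse_push(msg.body, msg.kind)
    except (ET.ParseError, ValueError):
        return "drop"  # malformed payloads are never acted on
    trusted = msg.originator in TRUSTED_ORIGINATORS
    if policy == ACCEPT_TRUSTED_ONLY and not trusted:
        return "drop"  # the policy working as intended
    # With a permissive policy (or a trusted sender) the content is acted on.
    if msg.kind == "SL" and action.startswith("execute"):
        return "execute"
    return "display"


# Constructed sample messages: one SI from the operator, one SL from an
# unknown sender that asks the device to load content without user interaction.
OPERATOR_SI = PushMessage(
    "SI", "operator-push.example",
    '<si><indication href="http://update.example/notice" '
    'action="signal-medium">Update available</indication></si>')
UNKNOWN_SL = PushMessage(
    "SL", "unknown-sender.example",
    '<sl href="http://untrusted.example/payload" action="execute-high"/>')

if __name__ == "__main__":
    for policy in (ACCEPT_TRUSTED_ONLY, ACCEPT_ANY):
        print(policy, "SI from operator:", evaluate(OPERATOR_SI, policy))
        print(policy, "SL from unknown:", evaluate(UNKNOWN_SL, policy))
```

With `ACCEPT_TRUSTED_ONLY` the unknown SL is dropped before its `href` is ever dereferenced; with `ACCEPT_ANY` the same message reaches the `execute` branch, which is the exposure the text describes when the registry policy is misconfigured. A device audit therefore needs to verify the configured policy value, not merely that a policy entry exists.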