[Security Advisory] Circumvent Device Lock in Blackberry Connect for Windows Mobile

Description:

Blackberry Connect (BBC) features a security module that, if configured and activated,
locks the device after a specific amount of time.
In a corporate environment this is usually set up by a security
policy which is pushed to the device via Blackberry Enterprise Server (BES).
If the device is locked, the user has to enter a password to unlock it again.
There are two ways a user can circumvent the protection that the BBC security service is meant to provide.


[Security Advisory] Windows Mobile Security Advisory: Manufacturers leave device open for WAP-Push based attacks

Description:

WAP Push SI (Service Indication) and SL (Service Load) messages are so-called “Service SMS”.
Operators use these messages to notify users about software updates or to deploy
them directly. Microsoft implemented a security policy to ensure that these messages
are accepted only from trusted originators. This policy is defined in the device registry.
If improper settings are applied to this policy, attackers can send malicious content
to the device, which then displays or executes the content immediately.
This leaves the device open to further attack scenarios.
