A security consultant has warned that the popular push-email device beloved of corporate suits everywhere may turn out to be a serious security threat to private networks. Speaking at the DefCon hacker convention in Las Vegas this week, Jesse D’Aguanno of risk management firm Praetorian Global, revealed a new exploit which allows for the BlackBerry to be turned into a Trojan horse.

BlackBerrys typically use either an encrypted VPN tunnel using IPSec or similar to reach the enterprise mail server and other shared resources. This effectively prevents third parties intercepting the communications or spoofing either the handheld terminal or the server. Alternatively, a connection is established over the open internet using SSL/TLS encryption to reach a gateway server, which essentially achieves the same aim. Some other implementations connect to a hosted BlackBerry server within the mobile operator’s private network.

But D’Aguanno’s argument is the problem with devices accessing the corporate network via a VPN tunnel, is that they are within the enterprise’s security perimeter, but outside its physical control. Firewalls and intrusion detection systems will not be aware of security breaches originating on the device. Unlike PCs and servers on the local network, mobile devices are harder to manage and are not protected by physical security measures. What is more, the device has access to the internet which does not pass through the enterprise’s network.

Some of the devices also have WLAN functionality, which opens up the possibility of access to the internet without the network operator’s involvement.

D’Aguanno’s exploit consists of an application, BBTrojan, which must be installed on the device, either by someone with physical access to it or from a malicious email attachment or Bluetooth file transfer. The Trojan then opens a data connection via the cellular network to the attacker’s remote host and then awaits instructions from the attacker.

As the attack could allow further attack code to be executed on the device, the attacker now has full access to the corporate network, potentially including the external interface of the email system, the enterprise LAN itself, or even perhaps a mobile operator’s core network.

In anticipation of D’Aguanno’s revelations, RIM recently put up a Knowledge Centre article on protecting the device from malware in the enterprise space.

M1 and Research In Motion have launched Singapore’s first UMTS-enabled BlackBerry handset – the BlackBerry 8707v.

The BlackBerry 8707v offers customers more ways to stay connected wherever they are. In addition to phone, email and mobile data applications, customers can also use the handset as a tethered modem to access the Internet from their laptops. The BlackBerry 8707v also enables users to speak on the phone while simultaneously sending and receiving email, browsing the Internet or using other data applications, even while the handset is being used as a modem.

The BlackBerry 8707v functions on 2100 MHz UMTS networks, and also supports 850/900/1800/1900 MHz GSM/GPRS (quad band) networks to provide comprehensive roaming coverage in many countries.

“We are continuously working on ways to improve our customers’ mobile experience, particularly their ability to work from anywhere. The BlackBerry 8707v is another powerful addition to our range of BlackBerry solutions. It will give a productivity boost to individuals in large or small enterprises in their quest to stay in touch with their customers and business partners. The launch of the BlackBerry 8707v reinforces our commitment to our customers’ needs and our aim to be the preferred mobile service provider in the enterprise market,” said P. Subramaniam, M1′s Director of Enterprise & Alliances.

“The BlackBerry 8707v is an ideal choice for mobile professionals seeking a highly developed solution for both voice and data applications,” said Norm Lo, Vice President of Asia Pacific at Research In Motion. “We are very pleased to bring the BlackBerry 8707v to Singapore with M1.”

The BlackBerry 8707v has a bright, high-resolution color landscape QVGA (320 x 240) LCD screen that delivers vivid graphics with ample workspace for reading emails, browsing the Internet or viewing attachments (including support for popular file formats such as Word, Excel, PowerPoint, WordPerfect, PDF, ASCII, JPEG, GIF, BMP, TIFF and PNG). An intelligent light sensing technology automatically optimizes the screen and keyboard lighting levels for indoor and outdoor viewing. The handset features a full QWERTY keyboard for rapid and accurate thumb typing and includes dedicated “send,” “end,” “mute” and “power” keys. A built-in speakerphone enables hands-free conversation, and the handset can also be used with a wireless headset or car kit via its built-in Bluetooth support.

For corporate customers, BlackBerry Enterprise Server(TM) software tightly integrates with Microsoft Exchange, IBM Lotus Domino and Novell GroupWise, and works with existing enterprise systems to enable secure, push-based wireless access to email and other corporate data.

For individuals and smaller businesses, BlackBerry Internet Service(TM) enables users to manage up to ten corporate and personal email accounts (including Microsoft Exchange, Microsoft Outlook, IBM Lotus Domino and most popular ISP email accounts) from a single device.

Telefonica Moviles Espana, Palm, Inc. (Nasdaq:PALM) and Research In Motion (RIM) (Nasdaq:RIMM)(TSX:RIM) today announced the availability of BlackBerry(R) Connect(TM) software for the Palm(R) Treo(TM) 650 smartphone in Spain. With BlackBerry Connect, movistar’s enterprise and multinational customers will benefit from a wider range of devices compatible with BlackBerry(R) services from movistar.

“Demand for wireless email solutions is driven by the need for increased productivity amongst movistar’s enterprise customers,” said Luis Ezcurra, general director of market development and marketing for Telefonica Moviles Espana. “Movistar believes that working closely with Palm and RIM to provide the feature-rich Treo 650 with BlackBerry Connect functionality will address this demand, as enterprise customers are very interested in investing in solutions that support their business, operational and IT objectives.”

With this expansion of the “BlackBerry from movistar” portfolio, Treo 650 smartphone customers can now benefit from many popular features of the “push”-based BlackBerry architecture via BlackBerry Enterprise Server(TM). For corporate customers, BlackBerry Enterprise Server software tightly integrates with Microsoft(R) Exchange and IBM Lotus(R) Domino(R) and works with existing enterprise systems to enable secure, push-based wireless access to email and other corporate data.

The Treo 650 smartphone with BlackBerry Connect supports the following features:

— “Push” Corporate Email delivers messages automatically — and wirelessly — to the Treo 650 smartphone’s inbox. Changes to the inbox, including read/unread status and deletion, can be automatically synchronized between the user’s email account
and the Treo 650.

— Wireless Calendar Synchronization keeps the Treo 650 smartphone’s built-in Calendar up to date remotely, allowing users to receive, accept or decline meeting requests on the go.

— Attachment Viewing lets users view Excel, Word, PowerPoint and PDF documents in original format.

— Remote Address Lookup (RAL) allows users to search their corporate directory wirelessly for email addresses without the need to download every name to the Treo 650.

— Enables centralized device management, including support for IT policies such as over-the-air device disablement and password device lock, as well as end-to-end security with Triple DES encryption.

“Providing email flexibility is one of the key features that makes the Treo 650 a tremendous asset for business customers,” said John Hartnett, senior vice president of worldwide sales and customer relations, Palm. “The addition of an enterprise strength email solution like BlackBerry Connect for movistar customers reaffirms Palm’s commitment to meet the needs of mobile professionals in Europe.”

“BlackBerry has been embraced by millions of mobile professionals around the world because it is a scalable, secure, and proven wireless solution. The Treo 650 with BlackBerry Connect delivers more choice for mobile customers by offering the combined power of the BlackBerry architecture with the feature rich Treo 650 smartphone,” said Charmaine Eggberry, vice president, EMEA at Research In Motion. “We are pleased to work with Palm and movistar to offer BlackBerry Connect on the Treo 650 smartphone to corporate customers in Spain.”