{"id":704,"date":"2009-09-30T21:19:41","date_gmt":"2009-09-30T14:19:41","guid":{"rendered":"http:\/\/deepquest.code511.com\/blog\/?p=704"},"modified":"2009-09-30T21:30:45","modified_gmt":"2009-09-30T14:30:45","slug":"blackberry-smartphones-open-to-sms-attack","status":"publish","type":"post","link":"https:\/\/deepquest.code511.com\/blog\/2009\/09\/blackberry-smartphones-open-to-sms-attack\/","title":{"rendered":"BlackBerry smartphones open to SMS attack"},"content":{"rendered":"<p>The problem lies in the BlackBerry Browser, specifically in the dialog box that alerts users if the URL they have clicked on does not match the domain they are being sent to, the company\u00a0<a style=\"background-color: transparent; color: #235994; text-decoration: none;\" title=\"RIM advisory KB19552 - BlackBerry.com\" href=\"http:\/\/www.blackberry.com\/btsc\/viewContent.do?externalId=KB19552\"><span style=\"color: #000000;\"><span style=\"text-decoration: none;\">warned in an advisory<\/span><\/span><\/a> on Monday.<\/p>\n<p>To exploit the flaw, a hacker could craft a malicious website that spoofs a trusted website, then send users a link to that site using text messaging or email. 
If the malicious domain name contains a\u00a0<a style=\"background-color: transparent; color: #235994; text-decoration: none;\" title=\"Null character - Wikipedia\" href=\"http:\/\/en.wikipedia.org\/wiki\/Null_character\"><span style=\"color: #000000;\"><span style=\"text-decoration: none;\">null character<\/span><\/span><\/a> and the user chooses to access the site, the certificate-handling software on the device will note that there is a mismatch, but the warning dialog box will not display the null character in the link.<!--more--><\/p>\n<p>For example, the URL &#8216;zd[null character]net.co.uk&#8217; will generate an alert, which will tell the user they are about to visit &#8216;zdnet.co.uk&#8217;.\u00a0<a style=\"background-color: transparent; color: #235994; text-decoration: none;\" title=\"BlackBerry Storm review\" href=\"http:\/\/reviews.zdnet.co.uk\/hardware\/handhelds\/0,1000000735,39559180,00.htm\"><span style=\"color: #000000;\"><span style=\"text-decoration: none;\">BlackBerry<\/span><\/span><\/a> users may ignore this alert, as malicious websites could appear benign, RIM said.<\/p>\n<p>&#8220;RIM recommends that BlackBerry device users exercise caution when clicking on links that they receive in email or SMS messages,&#8221; the company said in its advisory. &#8220;If a user visits a site that causes a BlackBerry Browser dialog box to warn the user about continuing the connection, the user should select Close connection.&#8221;<\/p>\n<p>BlackBerry Device Software from version 4.5 onwards is affected. 
RIM has provided a software update, available from the\u00a0<a style=\"background-color: transparent; color: #235994; text-decoration: none;\" title=\"Updates - BlackBerry\" href=\"http:\/\/www.blackberry.com\/updates\/\"><span style=\"color: #000000;\"><span style=\"text-decoration: none;\">BlackBerry updates<\/span><\/span><\/a> site, to mitigate the issue.<\/p>\n<p style=\"font-size: 12px; line-height: 1.4em; margin-top: 0px; margin-right: 0px; margin-bottom: 16px; margin-left: 0px; padding: 0px;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" title=\"BlackBerry Browser\" src=\"http:\/\/news.zdnet.co.uk\/i\/z5\/illo\/nw\/story_graphics\/09september\/blackberry_dialogue_error.jpg\" alt=\"\" width=\"420\" height=\"329\" \/><\/p>\n<p style=\"font-size: 12px; line-height: 1.4em; margin-top: 0px; margin-right: 0px; margin-bottom: 16px; margin-left: 0px; padding: 0px;\">more from <a href=\"http:\/\/news.zdnet.co.uk\/security\/0,1000000189,39780159,00.htm\" target=\"_blank\">ZDNet<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The problem lies in the BlackBerry Browser, specifically in the dialog box that alerts users if the URL they have clicked on does not match the domain they are 
being&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[67,3],"tags":[2875],"class_list":["post-704","post","type-post","status-publish","format-standard","hentry","category-blackberry","category-security","tag-blackberry"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4bBYZ-bm","_links":{"self":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/comments?post=704"}],"version-history":[{"count":9,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/704\/revisions"}],"predecessor-version":[{"id":712,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/704\/revisions\/712"}],"wp:attachment":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/media?parent=704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/categories?post=704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/tags?post=704"}],"curies":[{"nam
e":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}