Hacker Claims to Have Developed A Virus For Blackberrys

The addictive Canadian-made device is a must have for millions of people around the world. But now a security firm is warning it’s developed a malicious code that could allow a hacker to get into a company’s corporate network almost undetected.

Researcher Jesse D’Aguanno developed the code that he says could be sent in something as simple as a downloadable game of “X’s and O’s”. BBProxy, as it’s known, looks innocent enough, but if downloaded onto a Blackberry, could open the door to a nether world for those looking for a company’s secrets.

He suggests the virus could arrive as a simple email attachment and because most users don’t know there’s any danger, they may not take the same precautions they would using a PC.

The trick to getting it to work is technical and involves exploiting the link between the Blackberry and its email servers. Once it gets on a machine, the program calls back to the attacker’s system without alerting the user and opens a secret communications channel into a company’s internal network.

“A malicious person could potentially use this back channel to move around inside of an organization unabated and remove confidential information undetected, or use the back channel to install malware on the network,” warns security firm Secure Computing in a statement.

D’Aguanno insists the Blackberry is the perfect hacking device, because it’s always turned on, is always connected and is powerful enough to run complicated programs. He intends to release the code in mid-August so everyone can get a look at what he’s done.

So should users worry they’re about to become a conduit for ruining their firm’s business?

Waterloo’s Research In Motion, which created the device, assures that won’t happen.

The company claims D’Aguanno made incorrect assumptions about how their machine actually works, and while no computer can ever be completely immune to intruders, the code likely won’t do much to the Blackberry.

RIM spokesmen note their machine can only run third party programs if a network administrator gives permission. And it claims to have updated its security in the wake of the threat just to be sure.

Critics believe Secure Computing has a vested interest in making the claim, since it sells services designed to fight online intruders.

In the meantime, the best advice is sometimes the oldest advice, and that’s to practice safe computing.

Don’t open any email attachments from someone you don’t know. Because in this game of Tic Tac Toe, there’s always a chance you could lose.