CLOSED Indicate that the Player is closed.
PREFETCHED Indicate that it has acquired all the resources to begin playing.
REALIZED Indicate that it’s acquired the required information but not the resources to function.
STARTED Indicate that the Player has already started.
TIME _ UNKNOWN Indicate that the requested time is unknown. (Long int type)
UNREALIZED Indicate that it hasn’t acquired the required info and resources to function.
Misleading message manipulation hasn’t any effective way to solve. It’s useless to use Firewall List (April 2011 Issue The Backroom Message That’s Stolen Your Deal) or smth either. You have to check permission for each Message’s API application’s requests if you’re BIS. If you’re BES customer try use Application Control Policy rules for 3rd Party Applications.
DTMF covert channel is possible to block by BES IT Policy Rules in two ways. A first strong restriction is Disable DTMF Fallback placed at Enterprise Voice Client. Change the default value from False to True.
The second way is more flexible. To stop attack events taking place over incoming or outgoing calls, an IT rule
placed at Enterprise Voice Client›Reject Non-Enterprise Voice Calls should be set to True to accept incoming calls only if they are sent through the BlackBerry Enterprise Server.
In addition, setting up black list and white lists to reject or allow incoming and outcoming calls can help.
The rules are configured at Firewall›Restrict Incoming Cellular Calls and Firewall›Restrict Outcoming Cellular Calls. Type one or more fixed dialing patterns (for example, specific dialing numbers or a set of dialing numbers that have the same prefix) separated by a semi-colon (;). To receive calls to numbers that are preceded by the number one, or a plus sign (+) Listing 22. Voice recording
byte[] microphone() {
byte[] byte_arr = null;
RecordControl RecControl;
try {
Player players = Manager.createPlayer("capture://audio"); // Player set to capture audio here players.realize();
RecControl = (RecordControl)p.getControl("RecordControl");
ByteArrayOutputStream outstream = new ByteArrayOutputStream();
RecControl.setRecordStream(outstream);
RecControl.startRecord();
players.start();
Thread.sleep(RECORD_TIME); //msec RecControl.commit();
if (players != null)
{
players.stop();
players.close();
players = null;
}
byte[] byte_arr = outstream.toByteArray();
}
catch (IOException e) {
//some errors }
catch (MediaException e) {
//some errors }
catch (InterruptedException e) {
//some errors }
return byte_arr;
}
AttAck
and the number one only, type +1...;1...;r;. To block a specific dialing number, append r to the dialing number. For example, to block calls from the number 519-555-1234, type +15195551234r. To block calls that use a specific pattern, append r to the pattern.
For example, type 011...r; to block calls that use the format 011xxxxxxxxxx. To block all calls other than the calls you permit using this rule, type r in the pattern.
Note, this IT Rule can block Premium-rate calls and other unwanted calls as well.
To assess the risk of eavesdropping you should to view permissions such as Recording and Media when you download any application. To protect from event injection set a BES IT Rule Application Control Policy a Event Injection to False value.
Also, if you are BIS consumer you should hope for Free Hosted BES Cloud that might be a type of BIS and that you can buy all necessary IT Rules. By the way, you always should check permissions when downloading an application to grant or disallow status such applications.
conclusion
For many years, designers, developers, and evaluators of trusted systems for processing national security sensitive information have wrestled with issues about the ways hardware, operating systems, and application software can be used to establish covert channels in
order to steal sensitive information. Covert channels are used because they’re not easily detected. Any system can be attacked and have data stolen. Covert channels are a means of communication between two processes (both is not necessary in local) where one of them process is a Trojan that transmits data covertly and other is a Spy that receives data. Why are they important? It’s difficult to detect and can compromise an otherwise secure system, including one that has been formally verified! Moreover, it can exist even in formally verified systems and can transmit enough data to compromise cryptographic or other confidential data.
On the ‘Net
• http://docs.blackberry.com/en/admin/deliverables/12063/BlackBerry_Enterprise_Server-Policy_Reference_Guide-T323212-832026-1023123101-001-5.0.1-US.pdf – BlackBerry Enterprise Server Version: 5.0. Policy Reference Guide, RIM,
• http://docs.blackberry.com/en/developers/deliverables/11961/BlackBerry_Java_Application-Feature_and_Technical_Overview--789336-1109112514-001-5.0_Beta-US.pdf – BlackBerry Java Application. Version: 5.0. Feature and Technical Overview, RIM
• http://docs.blackberry.com/en/developers/deliverables/9091/JDE_5.0_FundamentalsGuide_Beta.pdf – BlackBerry Java Application.
Version: 5.0. Fundamentals Guide, RIM,
• http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8067/645045/8655/8656/1106255/BlackBerry_
Application_Developer_Guide_Volume_1.pdf?nodeid=1106256&vernum=0 – BlackBerry Application Developer Guide Volume 1:
Fundamentals (4.1), RIM,
• http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8067/645045/8655/8656/1106255/BlackBerry_
Application_Developer_Guide_Volume_2.pdf?nodeid=1106444&vernum=0 – BlackBerry Application Developer Guide Volume 2:
Advanced Topics (4.1), RIM,
• http://www.blackberry.com/developers/docs/4.2api/ – RIM Device Java Library – 4.2.0 Release (Javadoc), RIM,
• http://docs.blackberry.com/en/developers/deliverables/15497/BlackBerry_Smartphone_Simulator-Development_Guide--1001926-0406042642-001-5.0-US.pdf – BlackBerry Smartphone Simulator. Version: 5.0. Development Guide, RIM,
• http://docs.blackberry.com/en/developers/deliverables/1077/BlackBerry_Signing_Authority_Tool_1.0_-_Password_Based_-_
Administrator_Guide.pdf – BlackBerry Signature Tool 1.0. Developer Guide, RIM
• http://en.wikipedia.org/wiki/Cell_ID – Cell ID description from Wiki
• http://www.virusbtn.com/pdf/conference_slides/2010/Hypponen-VB2010.pdf – Conference’ 2010. „Dialers are Back!” by Mikko Hypponen (F-Secure Corporation)
• http://www.iv2-technologies.com/CovertChannels.pdf – Covert Channels by Renaud Bidou, Frédéric Raynal
• http://www.sans.org/reading_room/whitepapers/detection/covert-channels_33413 – Covert channels by SANS Institute InfoSec Reading Room
• http://www.scmagazine.com.au/News/257265,auscert-cisco-ip-phones-prone-to-hackers.aspx – Cisco IP phones prone to hackers By Darren Pauli on May 12, 2011
• http://www.cio.com/article/677377/RIM_Details_Upcoming_Cloud_Based_BES_General_Availability_Late_2011_ – RIM Details Upcoming Cloud-Based BES; General Availability „Late 2011” By Al Sacco on Thu, March 17, 2011
YURY cHEMERkIN.
Graduated at Russian State University for the Humanities (http://rggu.com/) in 2010. At present postgraduate at RSUH.
Information Security Analyst since 2009 and currently working as mobile info security researcher in Moscow.
I have scientific and applied interests in the sphere of forensics, cyber security, AR, perceptive reality, semantic networks, mobile security and cloud computing. I’m researching BlackBerry Infrastructure and the effects of the trust bot-net & forensic techniques on human privacy.
E-mail: [email protected], [email protected]
Facebook: www.facebook.com/yury.chemerkin
LinkedIn: http://ru.linkedin.com/pub/yury-chemerkin/2a/434/
549