Research in Motion posted a knowledge base article yesterday that details a BlackBerry Browser bug that makes many BlackBerry devices vulnerable to phishing attacks. The bug seems to be because of the way that the BlackBerry browser handles server certificates with null characters.
BlackBerry Browser dialog box does not clearly indicate mismatches between web site domain names and associated certificates
From RIM’s Knowledge Base:
A malicious user could create a web site that includes a certificate that is purposely altered using null (hidden) characters in the certificate’s Common Name (CN) field or otherwise manipulated to deceive a BlackBerry device user into believing they have connected to a trusted web site.
If the malicious user then performs a phishing-style attack by sending the BlackBerry device user a link to the web site in an SMS or email message that appears to be from a trusted source, and the BlackBerry device user chooses to access that site, the BlackBerry Browser will correctly detect the mismatch between the certificate and the domain name and display a dialog box that prompts the user to close the connection. However, the dialog box does not display null characters, so the user may believe they are connecting to a trusted site and disregard the recommended action to close the connection.