Have You Ever Heard Of A “Jail Broken” BlackBerry?

Chris B.
#1. July 29th, 2008, at 9:30 AM.

Leave it to the geniuses in IT…. Because the iPhone can be hacked is a reason not to let it on your corporate network? That’s like saying because there are thousands of Windows viruses, you won’t let a Windows machine on your network. The corporate network will only allow what the network’s security measures will allow. Hacking an iPhone won’t let you past the network’s security measures.
I agree, the iPhone lacks some enterprise needs (remote wipe, “forced” security policies, etc.)…. The iPhone OS is basically the Mac OS, so if he is not letting the iPhone on his corporate network, he must not, but the same logic, allow Macs on his corporate network.

Mark Santa Ana
#2. July 29th, 2008, at 9:33 AM.

Geesh, Jail Broken, schmoken. It’s just a term for reflashing the unit. Happens to phones (in particular Nokia) every day, it’s a feature not a security risk!

Blackberrys’ are susceptible to a few attacks already BlackJack and the more recent PDF ’sploit to name a few. If don’t use content encryption (which is disabled by default) your device data is susceptible to frozen RAM attack (a proof of concept USB stick already exists to attack PCs).

If your policy doesn’t prevent users from loading applications via desktop manager or OTA then you’ve practically left the door open for the bad guys.

The device is only as secure as the sysadmin makes it.

At the end of the day, once the unit is in the hands of the bad guy (assuming remote wipe failed issued and content encryption wasn’t enabled) the device is already compromised.

gquaglia
#3. July 29th, 2008, at 9:36 AM.

I love how everyone goes around saying the BB can’t be hacked and all. You watch, as this device gets more popular, there will be hacking. Nothing is bullet proof.
@Chris B - You’re right about the IT guys. Most are Wintards who follow the M$ party line. The same thing must be true with BBs.

Wayne
#5. July 29th, 2008, at 11:23 AM.

Of course you would get that attitude from IT guys. If they had there way no one would have PCs - we would still be using dumb terminals connected to mainframes where they could completely control the whole environment as if it was 1975.

Johnnyheff
#6. July 29th, 2008, at 11:30 AM.

…me thinks you hit a nerve, here, robb.

my, my. it seems like someone(s) got up on the wrong side of the iphone this morning…

Cedric Bosch
#7. July 29th, 2008, at 11:32 AM.

The IT is a hack

R9
#8. July 29th, 2008, at 12:24 PM.

How does a jailbroken iPhone pose a security risk?

Hmm, it doesn’t. Even jailbroken and hacked beyond belief, it still can’t bypass an email login or brute force attack the login.

portorikan
#9. July 29th, 2008, at 12:40 PM.

I think jail breaking and hacking are two different things. The only reason the iphone is so popular for jail breaking is because it’s limited to one service provider in the states.

You can get a Blackberry on any service provider so there isn’t a demand for a jail broken Blackberry. That, and quite frankly, it’s just not as ’sexy” or sought after device.

Nobody I know has waited in line for one, nor am I aware of them being sold out for weeks and thousands of people blogging about them or trying to find when the next shipment will arrive.

Maybe you could look at it like the classic Windows vs Mac debate with virus but reversed. More viruses for Windows since it’s more popular. People jail break iphones because they are a more popular device.

R9
#10. July 29th, 2008, at 1:03 PM.

Right, there’s no NEED to jailbreak a blackberry. It’s already jailbroken, rather it’s open. Jailbreaking is just opening the platform.

Chris B.
#12. July 29th, 2008, at 3:47 PM.

OK, I agree that iPhone is lacking some critical enterprise security things (Perhaps that is your point).

But the crux of the matter is that you still need password, user ids, certificates, etc. to access Oracle, PeopleSoft, Notes, etc. And presumably, like a Blackberry, you would need IT to “authorize” your BB/iPhone (and probably sign some security/confidentiality agreement).

And desktops can be hacked, other software loaded, browser/flash/web/quicktime exploits/vulnerabilities, etc.

For this IT guy to say “Apple knows everyone would be hacking these things…” is just silly.

Albert
#13. July 29th, 2008, at 8:24 PM.

I think the ultimate point is that hacking the OS so that it can be doing things it is not supposed to be able to do, cannot be supported. If you’re able to put apps onto the phone that IT deems you shouldn’t have on the phone then IT shouldn’t have to support why your SAP app stopped working or why your Exchange Activesync stopped working.

Here’s the rub though, many end users not all, but many who would jailbreak their phone would still expect IT to fix the problem. Its like the guy who installs his own custom exhaust on the car and then expects the mechanic to fix the smog on his car without changing anything back to spec.

R9
#14. July 29th, 2008, at 8:31 PM.

Or a guy who installs his own software on to his laptop, that VPN’s in to work. You can do all sorts of stuff with a laptop, yet IT doesn’t restrict that from full VPN access in to work.

Security is really only a concern if an employee loses it, then someone finds it and hacks it. Can they access data they shouldn’t before it gets remote wiped by hacking it? Even so, is that any different than a Blackberry or Windows Mobile?
BB perhaps, but WM it doesn’t seem likely.

Nedcomm
#15. July 31st, 2008, at 12:31 PM.

Wayne,

Ever heard of “cloud computing?” The push to store files on the internet and to share multi-licensed software over a network is coming back in vogue. My guess is that it’s not a function of the IT guy wanting to “completely control the whole environment as if it were 1975″ and more a matter of the cost savings and security (in the sense that storing data off-site means that a disaster on-site doesn’t cripple a business a la 9-11).

Asitha
#16. September 12th, 2008, at 7:24 AM.

Urrrm, Jailbreaking the iPhone took a significant amount of effort from a number of hackers. Now that it has been done, it is easy to do. This is not a function of the hackability of the device, just the force of will to do it. Why in the world would you want to hack a Blackberry? Most of the jailbreakers are looking to circumvent one of two things - Apple’s App Store distribution model or the lock in to one provider for service. Blackberry doesn’t have these issues, so not that many people want to hack into them. As for using the iPhone in the Enterprise, at the moment it is on a par with all the smart devices in the Enterprise using Exchange Activesync in terms of security. One of the big four management consultancies, who I used to work for, issued Windows Mobile devices using Activesync. The security is on a par with the iPhone 3G - if they are willing to do WM, they shouldn’t have a problem with iPhone. Hacking into a WM phone is perfectly straightforward.