Research in Motion posted a knowledge base article yesterday that details a BlackBerry Browser bug that makes many BlackBerry devices vulnerable to phishing attacks. The bug seems to be because of the way that the BlackBerry browser handles server certificates with null characters.
BlackBerry Browser dialog box does not clearly indicate mismatches between web site domain names and associated certificates
From RIM’s Knowledge Base:
Problem
A malicious user could create a web site that includes a certificate that is purposely altered using null (hidden) characters in the certificate’s Common Name (CN) field or otherwise manipulated to deceive a BlackBerry device user into believing they have connected to a trusted web site.
If the malicious user then performs a phishing-style attack by sending the BlackBerry device user a link to the web site in an SMS or email message that appears to be from a trusted source, and the BlackBerry device user chooses to access that site, the BlackBerry Browser will correctly detect the mismatch between the certificate and the domain name and display a dialog box that prompts the user to close the connection. However, the dialog box does not display null characters, so the user may believe they are connecting to a trusted site and disregard the recommended action to close the connection.
The following screenshot shows an example of a BlackBerry Browser dialog box that does not clearly indicate that there is a mismatch between the web server address and its associated certificate:
RIM says that you can resolve this vulnerability by updating your BlackBerry OS and they have released said updates to carriers. The Only problem is that most carriers have not officially released these new OS updates. In the mean time, just be weary sites where the above dialog box pops up…
[Via CIO]