"So, someone can take over the device, or load a virus on it covertly." D'Aguanno hid attacker software code in a noughts and crosses game that, if downloaded and played on a BlackBerry, secretly invaded the network linked to the handled device.

An "attack vector" described by D'Aguanno during a presentation at a recent DefCon hackers conference in Las Vegas was to email BlackBerry users a link and trick them into downloading the malicious software cloaked in the game. The devices, made by Research In Motion in Canada, would then act as doorways that let hackers slip behind fire walls and seek out unprotected computers in a company's network, according to D'Aguanno. "One of the biggest hurdles for an actual attacker is to get themselves on the internal network," D'Aguanno said. "Going head-on is usually not the smart way to go because of beefy fire walls and all that.

"But, if you get yourself inside the network, there are vulnerable machines, the defenses aren't as formidable because they rely on the outer walls." D'Aguanno said that the potential for the BBProxy version released on Monday to be used maliciously was "nil" and that it was intended to show network administrators that the threat of attack via BlackBerry devices was real.

"The general thinking around the BlackBerry and handheld devices as a whole needs to be reformed," D'Aguanno said. "You need to secure the rest of your network from malicious attacks from that medium." Another possible form of attack was "blackjacking," or hijacking legitimate users' BlackBerry devices and replacing them on the network with rogue devices, D'Aguanno said. The components of business enterprise computer servers that support mobile data devices should be isolated instead of being linked in ways that allow unfettered access to entire networks, he advised.

Downloading of third-party applications to BlackBerry or similar devices should be prevented, according to D'Aguanno. "It is kind of a new playground, as far as a way into a network," D'Aguanno said, adding he knew of no successful hacker attacks via BlackBerry.

"I have a BlackBerry. I think they are great things, but you have to treat them like any untrusted computer with access to your network." AFP