BlackBerry (RIM 950 and 957)

Patented by Research in Motion Ltd. (RIM), a Canadian company, the BlackBerry device comes in two current models: the RIM 950 and the RIM 957. The 950 is approximately the size of a pager, with a small text screen. The 957 is about palm-size, and its difference from the 950 is simply a larger screen. Both devices have 32-bit Intel 386 microprocessors. The 950 comes with either 2Mb or 4Mb of flash memory, and the 957 comes with 5Mb. Flash memory preserves battery life and retains all information if the battery dies or is removed.

The BlackBerry solution is a device predominantly used for mobile e-mail access. It does not provide the extra functionality that other PDAs do (such as browsing the Web or reading files) but does what it does very well. Extra functionality can be added to a BlackBerry device by using its SDK and developing applications. BlackBerry added support for Java 2 Micro Edition in late 2000. Some applications, such as mini-browsers, are publicly available for use on BlackBerry devices. The following are three popular after-market browsers:

         GoAmerica (HTML, WAP). www.goamerica.net/html/developers

         Neomar (WAP). www.neomar.com/developers/index.html

         Novarra (HTML, JavaScript, WAP). www.novarra.com

BlackBerry uses a push architecture instead of the traditional pull architecture used in most other mobile devices. Devices using a pull architecture periodically connect to an e-mail server to check for messages. In BlackBerry's push model, new e-mails are directed to the user's device, and the user is notified that she has new mail. A copy of e-mails residing on corporate servers or a desktop PC is sent to the device. BlackBerry currently works out-of-the-box only with Microsoft Exchange and Lotus Notes. It began its implementations with Microsoft Exchange and added integration support for Lotus Notes in January 2001.

To save memory and battery life, only the first 2K of an e-mail message are delivered to the device. Users can choose to receive the rest of the message if they want to, although most e-mail messages are less than 2K. Attachments are not delivered to the device, either. They remain on the corporate mail server or in the user's e-mail account on a PC. If a message arrives with an attachment, however, and the user chooses to forward it to another person, the attachment is forwarded along with the message, even though the user never viewed it on her BlackBerry.

The BlackBerry Enterprise Server is available at a corporate level. This enables messages to be forwarded at the server instead of the desktop level. It also affords mail administrators the ability to manage and control batch and security policies and includes support for Simple Network Management Protocol (SNMP).

Input on a BlackBerry is very different from input on other PDAs. Instead of a pen and touch screen, the devices have a QWERTY keyboard for text input and a thumbwheel for scrolling through menus and selecting items. Although the keyboard takes getting used to because of its small size, when a user becomes accustomed to it, typing e-mails is natural and easy.

The AutoText feature makes input much easier. When enabled, AutoText allows users to specify shortcuts for commonly used words or keystroke patterns. For example, when composing an e-mail, if you type a period followed by two spaces, the next letter is automatically capitalized. Certain contractions are also commonly used AutoTexts, for instance, if a user types dont, the device automatically adds an apostrophe, changing it to don't.

BlackBerry devices offer fewer total means of network connectivity than Pocket PCs or Palm OS devices, but more of those means are integrated into the device itself. IrDA, 56Kbps modems, and connections to a cellular network (specifically Motient) are integrated in the BlackBerry device. It is possible to connect to a desktop via a serial connection and docking cradle. USB, Ethernet, and wireless LAN connections are not possible with the current devices.

The BlackBerry OS architecture is a closed architecture. It is difficult to gain specific information other than those API descriptions provided in the SDK about the architecture itself. To this end, our discussion of a BlackBerry device's architecture is limited. There are obviously advantages and disadvantages to having a closed architecture. It is challenging to learn about the device, to find its security weaknesses and protect against those weaknesses. On the flip side, however, the security weaknesses are not easy to discover and, theoretically, less likely to be exploited. This last reason does not afford much comfort, though. We must operate as though the device deserves limited trust but is not wholly trusted.

BlackBerry APIs

Information pertaining to the hardware in BlackBerry devices can be organized in several ways. It is best to work backwards to the hardware from the APIs to see these categories. The three main categories of APIs are

1.       Database API

2.       Radio API

3.       User Interface (UI) Engine API

Table 4.2. Commonly Used BlackBerry APIs

Database: Address Book

Radio: Message (View, Compose)

UI Engine: AutoText, Options, Ribbon

In each category there are important main functions to know. The most important API in the Database group is that which allows operation of the Address Book. The database and file system is relatively sophisticated. The database manager allows adding, deleting, and navigating through database records. All the data is stored in flash ROM, which we define as nonvolatile, permanent memory, and data is retained even when the battery is removed or the device is powered off. Flash is quick to read but slow to write to.

All applications can use the same Address Book. The Address Book integrates with the Message API. Table 4.2 shows commonly used BlackBerry APIs. The Radio API group houses the Message API. The Message API has two main capabilities: viewing and composing a message. Messages are created the same way BlackBerry creates e-mail. The Compose API talks to the UI engine, which houses the third group. The UI engine includes the AutoText feature and the Options and Ribbon features. The Options API allows applications to use the same settings, such as notification type (beep, vibrate), date, time, and auto on/off. The UI Engine API contains function calls that allow applications to create custom screens, menus, dialog boxes, status boxes, and fields. The UI can return a message or any event based on user input or action.

As many as 31 applications can run simultaneously on a BlackBerry, with just one in the foreground at any given time. Each of the other applications remains silent until a trigger event wakes it and delivers it to the foreground. Trigger events can be activity on the serial port, a user pressing a key, a timer counting down to 0, a data packet received, or movement of the thumbwheel by the user. Applications act on the events and then return to the background.

The hardware in BlackBerry's architecture fits with the APIs as described here. The Database APIs work with the Files, Memory, and Scheduling components. The Radio APIs work with the actual radio and serial port; the UI Engine works with the Screen, Keypad, and Thumbwheel.

BlackBerry Security

Although receiving personal or internal corporate data via the Internet does not introduce a hole into a corporate firewall, it does introduce a point of attack. BlackBerry devices receive e-mail sent over the Internet, which is publicly accessible. To mitigate this problem, BlackBerry encrypts its communication. The keys for encrypting and decrypting are stored only on the device and at the desktop. Protection is also afforded to the BlackBerry redirector, which forwards incoming mail to the device. A malicious person simulating RIM device commands to the redirector will be unsuccessful without knowledge of the shared key. The redirector responds only to commands encrypted to the key it shares with the device. The encryption method used in encrypting BlackBerry e-mails is triple-DES encryption. This encryption standard is considered the most widely accepted of industry-approved encryption algorithms, provided that the keys are created appropriately (see Chapter 6, "Cryptography," for a discussion of triple-DES). When keys are generated for encryption algorithms, they must gather a certain amount of randomness (explained in detail in Chapter 6).

BlackBerry gathers randomness in creating its private and shared keys by asking the user to move the mouse. This is a common method for generating randomness. It cannot be assumed to be sufficient, but it represents effort on RIM's part to collect randomness from a human-generated source.
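The following added example (not from the book and not RIM's implementation) shows one way to treat mouse movement as a key-generation source without assuming it is sufficient: samples are hashed into a pool, entropy is credited conservatively, and the result is mixed with the operating system's generator before being shaped into a three-key triple-DES key. The class name, the one-bit-per-sample credit, and the sample data are assumptions made for illustration.

```python
import hashlib
import os

KEY_BITS = 168        # key bits in three-key triple-DES (parity bits excluded)
BITS_PER_EVENT = 1    # assumption: deliberately conservative credit per sample


def set_odd_parity(byte):
    """DES keeps 7 key bits per byte; the low bit makes the count of 1s odd."""
    high = byte & 0xFE
    return high | (0 if bin(high).count("1") % 2 else 1)


class MousePool:
    """Hashes mouse samples and credits entropy only for novel movement."""

    def __init__(self):
        self._hash = hashlib.sha256()
        self._last_pos = None
        self.credited_bits = 0

    def add(self, x, y, t_us):
        # Every sample is mixed in, but a pointer that has not moved earns no credit.
        self._hash.update(f"{x},{y},{t_us};".encode())
        if (x, y) != self._last_pos:
            self.credited_bits += BITS_PER_EVENT
        self._last_pos = (x, y)

    def ready(self):
        return self.credited_bits >= KEY_BITS

    def derive_3des_key(self):
        if not self.ready():
            raise ValueError("not enough user-generated randomness collected")
        # Mix with the OS generator so that neither source is trusted alone.
        seed = self._hash.digest() + os.urandom(32)
        raw = hashlib.sha256(b"3des-key" + seed).digest()[:24]
        key = bytes(set_odd_parity(b) for b in raw)
        if key[:8] == key[8:16] or key[8:16] == key[16:]:
            raise ValueError("degenerate key (K1 == K2 or K2 == K3), collect again")
        return key


# Constructed sample input: a drag across the screen with jittered timestamps.
SAMPLES = [(i * 3 % 640, i * 7 % 480, 1000 * i + (i * i) % 97) for i in range(200)]
```

A pool fed only a stationary pointer never becomes ready, which is the failure case a fixed "move the mouse for a few seconds" prompt cannot detect.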

Another significant component in an encryption process is the distribution of the keys. We have noted that the keys are stored only on the device and on the desktop, but the process for getting the keys to the device is important. If the keys are sent over a wireless link or an Internet connection, they can be captured. BlackBerry transfers keys only while the device is docked in its cradle and directly attached to the desktop via a serial cable. This is an acceptable method for transferring keys. Although BlackBerry's method is not sufficient for protecting matters of national security, this method does speak to BlackBerry's commitment to develop appropriate security into its devices.

The device can be password-protected if this feature is activated. When established, the user can easily lock the handheld to protect the device from unwanted use. This password also prevents access via the serial port and docking cradle. A timeout can be set on the device so that after a specified amount of inactivity in an unlocked state, the device locks itself, requiring the password for unlocking.

An interesting feature BlackBerry includes is that if an incorrect password is entered ten times, the device's memory is automatically erased, rendering it unusable. The applications can be reloaded at the desktop, but the data stored on the device is erased. BlackBerry documentation notes that the password is obfuscated on the device so that if someone were to download the contents of memory from the device, the password would be unattainable. We are unable to verify that this is the case. When a corporation uses the BlackBerry Enterprise Server, administrators can require passwords to be used on devices and can specify a minimum length for all users.
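The lock behavior described in the last two paragraphs can be modeled as a small state machine. This is an added example, not code from the book or from RIM: the Handheld class, the minimum length of 4, and the use of PBKDF2 to stand in for the undocumented password obfuscation are all assumptions.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10   # from the text: ten wrong passwords erase the device
MIN_LENGTH = 4      # assumption: a value an administrator might require


class Handheld:
    def __init__(self, password, timeout_s, now=0.0):
        if len(password) < MIN_LENGTH:
            raise ValueError("password shorter than the policy minimum")
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)
        self.data = {"address_book": ["constructed entry"]}
        self.timeout_s, self._last = timeout_s, now
        self.failures, self.locked, self.wiped = 0, False, False

    def _derive(self, password):
        # Keep only a salted, slow hash, so a memory dump does not reveal the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def lock(self):
        self.locked = True

    def touch(self, now):
        """Record activity; lock first if the inactivity timeout has expired."""
        if now - self._last >= self.timeout_s:
            self.locked = True
        self._last = now
        return not self.locked

    def unlock(self, attempt, now):
        if self.wiped:
            return False
        self._last = now
        if hmac.compare_digest(self._derive(attempt), self._verifier):
            self.failures, self.locked = 0, False
            return True
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.data.clear()   # user data is erased; applications can be reloaded
            self.wiped = True
        return False

    def read(self, name, now):
        """Keypad and serial-port reads go through the same lock check."""
        return self.data.get(name) if self.touch(now) else None
```

The counter resets on a successful unlock, so nine wrong guesses followed by the correct password leave the data intact, while a tenth consecutive failure is irreversible.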

The piece of the puzzle here that is most unrelated to BlackBerry devices themselves but can, perhaps, open the most doors to attack is the user's desktop. Leaving the desktop unattended, unlocked, or on without proper physical security can expose the device and its contents to compromise. This does not supersede prevention that should occur at a desktop level in general. It just follows that if a desktop is not properly secure, this device cannot be assumed secure either.

We do not investigate the BlackBerry Enterprise Server here, but you should note that it requires integration with a corporate firewall and introduces administrative security issues that should be examined before implementation. For more information, see http://www.blackberry.net/international/uk/solutions/pdfs/BlackBerry_Enterprise_Server_for_Exchange_GPRS_Technical_White_Paper.pdf.

Each type of device is unique. Knowledge of one device's intricacies does not translate into working knowledge of another's. This chapter presents a range of considerations. It is imperative that you gather specific information about devices used in your system. Security measures or functionality present in one may not be present in others. Verifying all components of a device is up to the system architects and application developers because no one can predict those that will have security implications and those that will not.

 



Wireless Security and Privacy: Best Practices and Design Techniques
ISBN: 0201760347
EAN: 2147483647
Year: 2002
Pages: 73
