[ISN] RIM refutes security concerns over BlackBerry 8820

From: InfoSec News (alerts@private)
Date: Sun Jul 29 2007 - 23:13:03 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9028239

By Kathleen Lau
July 27, 2007 
Computerworld Canada

Research In Motion (RIM) shot back at criticism from industry analysts 
that Wi-Fi security concerns would mean limited enterprise use for its 
new dual-mode BlackBerry 8820.

RIM's 8820 model, released mid-July, offers Wi-Fi in addition to 
traditional cellular connectivity.

The company's director of product management for WLAN and VOIP, Kevin 
Oerton, said it should make no difference security-wise whether a user 
is accessing BlackBerry services from home, a hotspot or within the 
enterprise.

He said the BlackBerry Enterprise Server, a wireless platform that acts 
as the conduit through which all RIM enterprise services are delivered 
to mobile devices, "offers security from the device all the way into the 
BlackBerry Enterprise Server."

In addition, Oerton said the company employs 256-bit AES encryption so 
transmission and data can't be read.

Upon the product release, analysts raised security concerns around the 
use of Wi-Fi for business, saying Wi-Fi security fears reduced this 
channel to harmless Web surfing, albeit at a higher throughput.

Jon Arnold, principal of Toronto, Ont.-based J. Arnold & Associates, 
acknowledged the security fears that enterprises would have with public, 
unlicensed spectrums, like Wi-Fi hotspots. "There's more vulnerability 
there," he said.

Companies likely wouldn't encourage employees to conduct business 
transactions on e-mail accessed via Wi-Fi, he said. "I don't think 
you're going to be doing your really sensitive secret stuff over Wi-Fi."

Another analyst expressed concern that the growing number of mobile 
devices made data leakage easier should devices get lost or stolen. 
"There will be more things sitting on this device, what happens when it 
gets stolen?" asked Roberta Fox, senior partner with Mount Albert, 
Ont.-based Fox Group Telecom Consulting.

This increasing dependence on mobile devices to conduct business, she 
said, would mean security-sensitive corporations, in particular, 
would likely not embrace the Wi-Fi functionality.

Companies should enforce policies around device usage for business, 
whether cellular or Wi-Fi, Fox suggested.

Oerton acknowledged "historical speed bumps" in Wi-Fi security upon 
which enterprises may be basing their concerns, but believes enterprises 
now feel very comfortable with the level of security enabled by various 
technologies out there.

In addition, he said, end users most often don't secure their Wi-Fi 
access points, which is what leads to problems. "That's why it's 
critical for the device all the way through to the BlackBerry Enterprise 
Server to provide triple AES encryption independent of whether the users 
set up Wi-Fi security at home."

To ease persistent security concerns, he recommends enterprise customers 
deploy a virtual private network (VPN) -- often used by organizations 
for remote access -- in tandem with Wi-Fi rollouts.

Although the 8820 was designed for the enterprise, Oerton expects adoption 
to be highest among those industry verticals already known for 
ubiquitous Wi-Fi use, like health-care, retail, manufacturing and 
hospitality. "All of these have a need to bring the benefits of IT to a 
highly mobile workforce," he said.

However, he's not excluding an eventual wider adoption: "Benefits of 
8820 should bring additional enterprise and industry verticals to the 
table because of the new benefits that are being made available through 
Wi-Fi."

Earlier Wi-Fi rollouts that initially focused solely on access in 
conference rooms and visitor lounges are now becoming more ubiquitous 
across organizations, said Oerton.




