The BlackBerry was originally introduced to the world in 1996 as a two way pager by Research in Motion (RIM). It has evolved into an all-in-one communication device that has become an enterprise mobile standard in many organizations.
Over the last few years security vulnerabilities for BlackBerry devices have been few and far between, but those that have been released have been significant. These vulnerabilities usually involve data being stolen or the compromise of a protected network by allowing mobile devices in the environment. This is why it is extremely important that the users of these mobile devices take all the precautions they can to help protect their digital assets. The simplest and most effective way to do this on the BlackBerry is with the built-in BlackBerry firewall.
The BlackBerry firewall is a simple application that is embedded in to each BlackBerry device. This application provides an additional level of security to help protect the end user and their data. On the new BlackBerry Storm, the firewall comes disabled by default, but others have stated that their older devices come with the firewall enabled by default. Either way, if you are a BlackBerry owner, the following will explain how to use the firewall.
Some of the options listed below may not be available on older BlackBerry devices, but the general settings will still apply.
Enabling/Disabling the Firewall
To enable or disable the BlackBerry firewall, click on the BlackBerry button, the select Options -> Security Options -> Firewall. Inside the “Firewall” menu, you will find a drop down menu to either enable or to disable the Firewall. Once you make the selection, all you have to do is press the esc button and save the settings (figure 1).
Figure 1: Enabling the BlackBerry Firewall
Configuring Rules / Permissions on the Firewall
Now that the firewall is enabled, let’s take a look at some of the options we can set to improve the security of the device.
Figure 2: Firewall Options
As you can see from figure 2, the firewall allows you to setup rules to help protect from receiving unsolicited SMS, MMS, PIN and Email. It also protects you against applications accessing the Internet without permission. First let’s take a look at stopping applications from accessing the internet without permission. To do this we will enable the “BlackBerry Internet Service” (BIS) option, and then save the settings.
Figure 3: BlackBerry Firewall blocking Opera Mini
If an application is blocked by the firewall, as you see in figure 3, you will be given the opportunity to create an exception to allow that application to that particular site or to allow it to any site. Please choose wisely when doing this. Enabling the BlackBerry Internet Service Blocking only works on applications that you have not previously set the security permissions to allow internet access by default. Upon the downloading or installation of a new application, the BlackBerry will normally give you an option to set the security permissions. It is good practice to set these permissions to least privilege or to prompt for permission before accessing the Internet. To see what permissions are set for a particular application, you can check by going to Options->Security Options->Application Permissions menu option, select the application from the list and press the BlackBerry button to edit the permissions (figure 4). I find that having the permissions set to prompt or default, the firewall will take control of the connection.
Figure 4: Granting Slacker Mobile Internet Access
Warning: changing security permissions may require a reboot before the settings will take effect.
Now that we covered application layer of the firewall, let’s take a look at using the firewall to block spam or other unsolicited messages. By enabling blocking for SMS, MMS or Pin, you will block messages from everyone unless you also select “Contacts” or “Specific addresses” under “Except messages from” section (figure 5).
Figure 5: Enabling the “Except” SMS Blocking Firewall
Though you will be blocking unwanted messages, some carriers may still charge you for the messages you received unless you have an unlimited data / text messaging plan. Be sure to verify how blocked messages are handled by your provider. Finally, you will not be able to retrieve messages blocked by the Firewall — once blocked, they are gone.
How to Remove Policy from the BlackBerry
Sometimes certain features appear to be locked out by a red X or lock. This is usually due to a BES (BlackBerry Enterprise Service) policy being enforced on your device by your company’s Information Technology department. We only mention this in this update due to the fact that sometimes certain security settings will be locked, and you cannot edit them without the removal of the policy.
This can be fixed one of two ways. The first way is to ask your Information Technology department to change the policy; this usually requires a business need. The second way is if you no longer work for the company you can use a tool called “CrackUtil.” This tool is extremely powerful and could damage your phone if used without first reading the directions. Before using this tool it is recommended that you sync and backup your phone.
To use this tool, open it, select Clear Settings — ADVANCED tab, and hit the [Reset IT Policy] button. This will reset the policy on the phone to the factory default settings allowing you to change and manage security permissions as you see fit (figure 6).
Figure 6: Resetting the BlackBerry Policy with CrackUtil
If this is a business BlackBerry, doing anything to the policies could get you in trouble!
In conclusion, although BlackBerry hosts one of the most secure mobile operating systems, there have been and will be attacks that can lead to loss of data or network breaches. The firewall, when properly enabled and configured, is a powerful defense tool. In addition to preventing malware from hijacking a data connection, it can be used to block malicious messaging and/or SMS spam. In fact, is more proactive then the antivirus products currently available for the BlackBerry operating system.