BlackBerry Enterprise Solution Security Evaluation

BlackBerry-Analysis

The security of IT systems used for business purposes is a central topic where economic aspects are concerned. Quintessential for reaching a higher degree of IT Security is the awareness for IT risks, a holistic point of view and a security assessment of the assigned IT systems by developer-independent testers. Based on its longstanding experience in the IT Security sector the Fraunhofer Institute SIT has developed a methodology for IT Security assessments that covers different evaluation depths, considers the entire solution and is applied to projects reviewed at the Fraunhofer SIT IT Security Test Laboratory.

Research In Motion (RIM) engaged Fraunhofer Institute SIT to evaluate the security of the BlackBerry components, interfaces, software platforms, environments and the protocols of the BlackBerry Enterprise Solution. RIM has given Fraunhofer access to highly confidential information in order to be able to review the solution through its paces.

Fraunhofer Institute SIT has completed their initial security analysis of the BlackBerry® Enterprise Solution for mobile email-push-services.

The analysis was carried out as three major projects:

  • The first project analyzed the security of the communication between the major components of the BlackBerry Enterprise Solution – the BlackBerry Enterprise Server, BlackBerry smartphone, and the BlackBerry Infrastructure.
  • The second project analyzed the security of the communication between the individual components of the BlackBerry Enterprise Server and the processes involved.
  • The third project focused on the BlackBerry smartphone and the analysis of relevant physical and logical interfaces to the smartphone and its environment such as the Internet.

In addition to the communication content and processes, the project team also evaluated the security of standard BlackBerry Enterprise Solution applications such as e-mail attachment viewing, access and integration of corporate data sources and the usage of the Personal Information Management (PIM) applications.