Check: BBDS-00-000110
Policy SRG:
BBDS-00-000110
(in version v1 r1)
Title
The BlackBerry Device Service server must prevent the installation of applications that are not digitally signed with an organizationally accepted private key. (Cat I impact)
Discussion
Any additions of applications can potentially have significant effects on the overall security of the system. Digital signatures on code provide assurance that the code comes from a known source and has not been modified. This feature is a key malware control on mobile devices.
Check Content
Application lists can be created for installation on the mobile devices. The applications can be identified as "Optional" or "Required". If an application is identified as "Required", it must be installed on the device and cannot be removed by the user. After a software configuration is created on the BlackBerry Device Service server, approved applications are added to the software configuration and identified as optional or required.

In addition, before you can make an application that is developed by your organization available to BlackBerry devices on the BlackBerry App World storefront Work tab, Research In Motion requires that the RIM signing authority system digitally sign the application. The RIM signing authority system uses public key cryptography to authorize and authenticate the application code. When a user starts the application, the BlackBerry OS verifies that the RIM signing authority signed the application files and that the application files have not changed since that application was installed.

Create a software configuration:
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software.
2. Click Create a software configuration.
3. In the Configuration information section, in the Name field, type a name for the software configuration.
4. Click Save.

Add an app to a software configuration:
You must add an app to a software configuration to send the app to BlackBerry devices. If you want to upgrade an app, you must add the new version of the app to the appropriate software configuration.
1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software.
2. Click Manage software configurations.
3. Click the software configuration that you want to add an app to.
4. Click Edit software configuration.
5. On the Applications tab, click Add applications to software configuration.
6. Search for the app that you want to add to the software configuration.
7. In the search results, select an app that you want to add to the software configuration.
8. For apps in the applications repository, in the Disposition drop-down list for the app, perform one of the following actions:
   * To install the app automatically on devices, and to prevent users from removing the app, select Required.
   * To permit users to install and remove the app, and to add the app to the Work tab in the BlackBerry World storefront, select Optional.
9. Repeat steps 6 to 8 for each app that you want to add to the software configuration.
10. Click Add to software configuration.
11. Click Save all.

See the "Managing app availability on devices" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 6.2 Administration Guide for further details and other available options.

If the system does not prevent the installation of applications that are not digitally signed with an organizationally accepted private key, this is a finding.
Fix Text
Configure the BlackBerry Device Service server to prevent the installation of applications that are not digitally signed with an organizationally accepted private key.
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000110
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000352 | The information system prevents the installation of organization-defined critical software programs that are not signed with a certificate that is recognized and approved by the organization. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |