Download danger
The Blackberry handheld has become hugely popular in the business world as it gives staff access to their work e-mail account while they are out and about. In July 2006 Research In Motion, the makers of the Blackberry, said it had more than 5.5 million subscribers.
The method of using a Blackberry to penetrate corporate networks was demonstrated at the Black Hat hacker conference by researcher Jesse D'Aguanno of security firm Praetorian Global.
Mr D'Aguanno said the Blackberry was a good choice for penetrating business networks because the gadgets were always switched on, stayed connected to a company and were so powerful that they could run programs installed on them.
By tricking someone into downloading and installing the booby-trapped game, perhaps via e-mail, Mr D'Aguanno demonstrated how the Blackberry can become a secret route that takes attackers behind firewalls and defeats security measures.
"A malicious person could potentially use this back channel to move around inside of an organization unabated and remove confidential information undetected or use the back channel to install malware on the network," said Paul Henry of Secure Computing in a statement.
Mr D'Aguanno said he would release his hijacking code, called BBProxy, to researchers.
Research In Motion (RIM) played down the threat from Mr D'Aguanno's work and said he made "several reaching assumptions" about how corporates use the Blackberry.
RIM said Blackberry handhelds could only run third-party programs, such as games sent to them via e-mail, if permission is explicitly granted by network administrators. Access to wider corporate networks is typically limited too, it said.
RIM has also updated its security site to show users more secure ways of using the Blackberry handheld and how to avoid falling victim to trojans that hide malicious code.