Penetration testing consultancy NTA Monitor found unencrypted ports open from the heart of their network to service providers. The providers, in turn, opened a return connection back to the BES that would pass through firewalls without any policies being applied. This left the network exposed on several levels: to session hijacking, IP spoofing, or simply interception of unencrypted traffic. The most common cause of the flaw was simply cost, according to NTA’s technical manager, Adrian Goodhead. The company recommends implementing a BES in a demilitarized zone (DMZ).
Source: https://www.csoonline.com/article/2122616/techworld–blackberry-servers-ripe-for-the-hacking.html

