- Sunday, 22 November 2009
- INQ Mobile
- RSS
Art is making something out of nothing and selling it - Lewis Carroll
Blackberry phones get eavesdropping spyware
BLACKBERRY USERS are being warned that a freely available spyware program will turn their crackberry into a listening device.
The application is called Phonesnoop and allows remote users to listen in on a Blackberry user's surroundings. The spyware app uses standard Blackberry APIs to intercept incoming calls. Once the software is installed, a call from a trigger phone number will activate the listening feature through the phone's built-in speakerphone feature to listen to everything that's going on around the phone.
The program's developer, Sheran Gunasekera, says on his blog that he only wanted to point out the dangers of using Blackberry phones carelessly.
The Phonesnoop app doesn't try to be stealthy, though. After it's installed it is clearly visible in the downloads section of the device's user interface. When the listening feature is activated the screen looks as though it is on a call. This is not hard to detect.
The US Computer Emergency Readiness Team has jumped on this 'threat' and issued a warning, basically telling crackberry addicts to use a password to protect their phone and, err, don't let other people download things to your handset. They even warn against downloading software if you are not sure who made it, which is surely one of the first things that everyone learns about downloading any software.
While a phone in your pocket is unlikely to listen in on your high level talks discussing the security of a mainframe at a major bank, and more likely to pick up a muffled shopping trip, the knowledge that such software exists and isn't all that difficult to develop does give one pause.
Earlier this year the leading mobile operator in the United Arab Emirates, Etisalat, tried to download a patch to 100,000 of its BlackBerry customers that later turned out to be a spyware program. µ
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
Unlike leaky PCs and Macs, security on mainframes WORKS (you can rely on RACF and z/os in general....). So you can feel free to discuss mainframe security while your eavesdropping cranckberry is around. Of course one should avoid speaking his userid/pw.... (as usual, the user is the weakest link)
Etisalat... freely draining poor consumers' wallets with their monopolistic practices, rather than being brilliant enough stop blocking VOIP and 'restricted' websites. Well, didn't realize that their codeword for self-redemption was free spyware!
Etisalat... freely draining poor consumers' wallets with their monopolistic practices, rather than being brilliant enough to stop blocking VOIP and 'restricted' websites. Well, didn't realize that their idea of self-redemption was by serving up free spyware!
The threat of smartphone malware was predicted over and over again when the first smartphone handsets came out. It was also predicted when the first iPhone was released and again when Apple launched its App Store.
Vendors such as Apple have learned very quickly that you shouldn’t allow anything to install and run on your phone without a recognised certificate. Apple is practicing this very successfully in the form of its walled garden app store, testing and certification process. If you create a binary for the iPhone you simply can’t upload and run that on your own iPhone or anyone elses. As a user, you simply can’t go and install software from just anywhere, you have to get it from Apple’s store where everything has been pre-screened for embedded malware threats.
However, smartphone platforms that allow users to install applications from untrusted sources do run the risk of issues, if not from malware but simply from poor coding that can destabilise an otherwise reliable handheld device. RIM’s BlackBerry devices run this risk, as users can download applications from anywhere, not just RIM’s app store. The same applies to Google Android devices, anything Windows Mobile-based and other platforms such as Symbian.
Until these platforms tighten up their third-party application processes, the risk remains. But it is just that – a risk – one that has so far failed to manifest itself as an actual threat.
Michael St. Neitzel
Vice President Threat Research & Technologies
Sunbelt Software
Michael St. Neitzel:
Your solution is worst then the problem.
I don't want some company (for example, apple) deciding for me what I can and can't do with my smartphone / computer / other device.
This is one of the reasons I don't have an iphone.
The reason for 95% of the existing infected computers is people dumb enough to click on the "You're the 100000th visitor! This isn't a joke, you really are!!!11" banners and dumb enough to download the "really cool" screensaver / mouse icons. Don't be stupid, use a good browser, correctly configure your firewall and you won't have spyware.