The US Computer Emergency Readiness Team has issued a security alert concerning a free application for the BlackBerry which can turn the handset into a bugging device.
The software needs to be installed on a target device by someone with access to it, or by tricking the user into downloading the application.
"You install and run PhoneSnoop on a victim's BlackBerry," wrote Sheran Gunasekera, the application's author, in a blog post.
"PhoneSnoop sets up a PhoneListener and waits for an incoming call from a specific number. Once it detects a call from that specific number, it automatically answers the victim's phone and puts the phone into SpeakerPhone mode. This way, the attacker that called can now hear what's going on at the victim's end."
Gunasekera said that the software was written as a proof-of-concept to show how easy it would be to turn the BlackBerry into a bugging device. The code is not on general release, but is in circulation, which may have prompted the security alert.
The application is easily detectable as it shows up on the BlackBerry applications page, unlike other phone bugging software like Flexispy and Mobile Spy.
Gunasekera has released a tool called Kisses that allows BlackBerry users to identify any hidden applications on their handsets.
See also:
Experts urge banks to re-examine the security of their back-end infrastructure 07 Sep 2009
The government looked at the correspondence of one in every 78 adults last year 10 Aug 2009
All Hacking Tags: Blackberry, Us-cert, Phonesnoop, Threats, Smartphones, Communications, Security
del.icio.us
Digg this
reddit!
