US-CERT warns of BlackBerry snooping software

By Robert Westervelt, News Editor 29 Oct 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The U.S. Computer Emergency Readiness Team is warning BlackBerry users about new software that could be used by hackers to turn the smartphone into a listening device.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

An application called PhoneSnoop can configure the phone's speakerphone function to enable a hacker to listen to surrounding conversations remotely. The software uses a BlackBerry API to intercept incoming calls. Once the software is downloaded and installed, the software is triggered by a simple phone call, placing the device into speakerphone mode.

Sheran Gunasekera, the developer of the snooping application, wrote on his blog that he wanted to shed light on the threats posed by careless use of BlackBerry smartphones. Gunasekera said the application can be easily detected and is visible in the BlackBerry user interface.

"While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware," Gunasekera wrote.

Gunasekera posted a YouTube video demonstrating how PhoneSnoop works. He introduced the tool on Oct. 19, but only made the software available for download Oct. 23, tweaking it to allow users to create a customized trigger number.

SearchSecurity radio:

The US-CERT warned BlackBerry users to password protect their devices and only download software from trusted sources.

"This software allows an attacker to call a user's BlackBerry and listen to personal conversations," the US-CERT said. In order to install and setup the PhoneSnoop application, attackers must have physical access to the user's device or convince a user to install PhoneSnoop."

Eric Chien, technical director at Symantec Corp.'s security technology and response division said he considered the software software a proof-of-concept and not a major threat to BlackBerry users. Writing in the Symantec blog, Chien said the snooping software raises awareness about other types of BlackBerry attack scenarios documented by researchers such as spoofing, data theft and service abuse.

The Apple iPhone is not immune to remote snooping. In 2007, security researchers Charlie Miller, Jake Honoroff and Joshua Mason demonstrated a proof-of-concept vulnerability that enabled an attacker to take full control of the iPhone including its camera and speaker. A demonstration showed the vulnerability's ability to make phone calls and send all stored data to any remote server.

Tags: Smartphone and PDA Viruses and Threats,  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Smartphone and PDA Viruses and Threats Spyware code targets BlackBerry users Protecting enterprise networks from new mobile application downloads Credit union warns of phony banking Android app GSM cell phone encryption crack may force operators to upgrade Is mobile malware all hype? How do hackers bypass a code signing procedure to inject malware iPhone worm Rickrolls jailbroken phones Mini guide: How to remove and prevent Trojans, malware and spyware SMS attacks against BlackBerry certificate flaw possible MMS messaging spoof hack could have global ramifications Emerging Information Security Threats Leverage Google Attacks to Improve Cybersecurity SCADA system, critical infrastructure security lacking, survey finds Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Information security podcasts: 2009 archive Hathaway calls for international cybercrime task force Active PDF attacks target Reader, Acrobat zero-day vulnerability Sites hit with massive automated SQL injection attack Cybercriminals invest in social networking attacks Best practices for (small) botnets

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary DNS rebinding attack  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) man in the browser  (SearchSecurity.com) phlashing  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary