US-CERT warns of BlackBerry snooping software

By Robert Westervelt, News Editor
29 Oct 2009 | SearchSecurity.com


The U.S. Computer Emergency Readiness Team is warning BlackBerry users about new software that could be used by hackers to turn the smartphone into a listening device.

An application called PhoneSnoop can configure the phone's speakerphone function to enable a hacker to listen to surrounding conversations remotely. The software uses a BlackBerry API to intercept incoming calls. Once downloaded and installed, it is triggered by a simple phone call, which places the device into speakerphone mode.

Sheran Gunasekera, the developer of the snooping application, wrote on his blog that he wanted to shed light on the threats posed by careless use of BlackBerry smartphones. Gunasekera said the application can be easily detected and is visible in the BlackBerry user interface.

"While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware," Gunasekera wrote.

Gunasekera posted a YouTube video demonstrating how PhoneSnoop works. He introduced the tool on Oct. 19, but only made the software available for download Oct. 23, tweaking it to allow users to create a customized trigger number.

The US-CERT warned BlackBerry users to password-protect their devices and only download software from trusted sources.

"This software allows an attacker to call a user's BlackBerry and listen to personal conversations," the US-CERT said. "In order to install and setup the PhoneSnoop application, attackers must have physical access to the user's device or convince a user to install PhoneSnoop."

Eric Chien, technical director at Symantec Corp.'s security technology and response division, said he considered the software a proof-of-concept and not a major threat to BlackBerry users. Writing in the Symantec blog, Chien said the snooping software raises awareness about other types of BlackBerry attack scenarios documented by researchers, such as spoofing, data theft and service abuse.

The Apple iPhone is not immune to remote snooping. In 2007, security researchers Charlie Miller, Jake Honoroff and Joshua Mason demonstrated a proof-of-concept vulnerability that enabled an attacker to take full control of the iPhone including its camera and speaker. A demonstration showed the vulnerability's ability to make phone calls and send all stored data to any remote server.
