Slashdot Mirror
Blackberry "Spy" Software Released
Noryungi writes "Maybe the French were on to something after all. It turns out that there is a software available to easily spy on Blackberries, recording voice conversations and all messages (emails or SMS text message) that transmit through the portable device. Of course, the software has to be installed by the owner of the Blackberry, but it would not be surprising to find out that someone has found a way to silently auto-install that software on RIM devices. ZDNet reports that RIM isn't concerned: 'Ian Robertson, senior manager of security and research at RIM, said users need not be particularly worried about the capability of FlexiSPY. "While it's the subject of some debate, I don't consider it a virus nor a Trojan, as it does require conscientious effort from the user to load the program," he said. Robertson said an average user that maintains good [gadget] hygiene would never see the software loaded onto their device without their knowledge.'"
>an average user that maintains good [gadget] hygiene
SELECT id,name FROM averageusers WHERE good_gadge_hygiene=TRUE;
0 ROW(s) returned.
I'm sure most of you have seen your bosses leave their blackberry, Treo or whatever device they have lying around or just hand it off to the secretary who leaves it on the desk. They really should find some way to alert people if this software or software like this gets on the device as in my humble opinion this is a huge risk for the people who need to have semi-secure communication in most companies I have seen.
Also, I'd like to mention that in my experience, it's often those with the most crucial conversations (ownership/upper management) are the ones who hand off their Blackberry to others for maintenance, etc. A disgruntled/bribed tech could very easily install this.
One other note -- if a user needing to take action to install malware wasn't a problem, we wouldn't see so many compromised machines.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Why do people insist on perpetuating this myth? It is simply untrue.
Just as trivial as it is to sniff SSL traffic over the general internet. Trivial, and worthless.
I love it when people release these spy tools publicly. Finally "Joe Mousepad" can catch up with the NSA, and spy on his neighbors.
"Suspicion Breeds Confidence"
--
make install -not war
I imagine you can silently install this over the air from the BES server. In my current and previous job I am the only IT profesional in the company and the sole administrator of the BES server, if i could roll this out using the BES server to everyones blackberries then only i would know. I would then be able to listen to all of the senior management's mobile phone calls. Ahh the power of being the BOFH
Well, most people I know keep their blackberry in the holster when they are not talking on them... and if someone holsters it on their right side, its probably rotated forward so the top of the device faces forward. This means that the microphone is pointed toward the person's ass.
Are you sure you *really* want to hear what that microphone picks up? Especially *after* lunch?
-Rick