Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blackberry "Spy" Software Released

Posted by Zonk on from the pack-a-toothbrush dept.

Noryungi writes "Maybe the French were on to something after all. It turns out that there is a software available to easily spy on Blackberries, recording voice conversations and all messages (emails or SMS text message) that transmit through the portable device. Of course, the software has to be installed by the owner of the Blackberry, but it would not be surprising to find out that someone has found a way to silently auto-install that software on RIM devices. ZDNet reports that RIM isn't concerned: 'Ian Robertson, senior manager of security and research at RIM, said users need not be particularly worried about the capability of FlexiSPY. "While it's the subject of some debate, I don't consider it a virus nor a Trojan, as it does require conscientious effort from the user to load the program," he said. Robertson said an average user that maintains good [gadget] hygiene would never see the software loaded onto their device without their knowledge.'"

2 of 91 comments (clear)

  1. They dismiss the risk -- I wouldn't by Red+Flayer · · Score: 5, Insightful

    Robertson said an average user that maintains good [gadget] hygiene would never see the software loaded onto their device without their knowledge.'"
    I think Robertson overestimates the average user. Either that, or it's not the "average user" we need to worry about -- it's the singnificant number of below-average users who could pose a problem. I know for certain that the marketroids with company-purchased Blackberrys at my company are the primary source of infections on our network.

    Also, I'd like to mention that in my experience, it's often those with the most crucial conversations (ownership/upper management) are the ones who hand off their Blackberry to others for maintenance, etc. A disgruntled/bribed tech could very easily install this.

    One other note -- if a user needing to take action to install malware wasn't a problem, we wouldn't see so many compromised machines.
    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  2. Re:France's reasons not related by Tack · · Score: 5, Insightful

    Specifically, all email data transferred to/from a Blackberry goes through RIM's "blackberry.net" service, which resides in the US.

    Why do people insist on perpetuating this myth? It is simply untrue.

    Very specific US wires and it would be trivially easy to sniff ALL Blackberry.net traffic with a few properly placed protocol analyzers.

    Just as trivial as it is to sniff SSL traffic over the general internet. Trivial, and worthless.