Your BlackBerry's dirty little security secret

The Moneky Steals The Berries

Tyler Shields, senior member of the Veracode Research Lab, spends a lot of time picking apart those BlackBerry devices that are ubiquitous across the enterprise. What he's found may disappoint those who thought they were secure.

At this week's SOURCE Boston conference, Shields will present his findings in a talk called "BlackBerry Mobile Spyware -- The Monkey Steals the Berries.

See also: 3 Simple Steps to Hack a Smartphone (Includes Video)

He'll explain how the bad guys can plant spyware on the device and make off with your sensitive data, and offer some advice on how users can defend themselves.

He'll talk about an application called FlexiSpy, which allows users to get copies of SMS, call logs, e-mails, locations and listen to conversations within minutes of purchase. He quotes the FlexiSpy website as saying, "Catch cheating wives or cheating husbands, stop employee espionage, protect children, make automatic backups, bug meetings rooms, etc." Then there's Mobile Spy, which will "allow you to see exactly what they do while you are away," according to the website. "Are your kids texting while driving or using the phone in all hours of the night? Are your employees sending company secrets? Do they erase their phone logs?"

To be fair, some could view these as security-enhancing programs, particularly the part about catching employees sending out data that's restricted. But spyware has always been a double-edged sword. IT administrators have long used variations of it to access remote company machines that need repair, for instance.

But Shields will focus on the dark side of smart phone spyware.

"Mobile spyware is trivial to write and the security model of mobile platforms is too loose," Shields said. "There's no easy or automated way to confirm for ourselves what the applications are actually doing and we're trusting the vendor application store provider for the majority of our mobile device security."

The talk will be similar to one Shields gave at the ShmooCon conference in February. Another talk at that gathering focused on the variety of ways attackers could exploit the iPhone.

In that presentation, Trevor Hawthorn, founder and managing principal at Stratum Security, discussed security holes (since fixed) found in AT&T's network, which Apple's iPhone uses, and how an epidemic of "jailbreaking" is disabling critical security controls on the device.

Jailbreaking is a process iPhone and iPod Touch users can exploit to run whatever code they want on the device, whether it's authorized by Apple or not. Jailbreaking the phone allows you to download a variety of apps you couldn't get in the Apple App Store.

For those who hate Apple's heavy hand and welcome any method to thumb a nose at the company's decrees, jailbreaking is very attractive. But there's a problem, Hawthorn said. A big one.

"Jailbreaking wipes away 80 percent of the iPhone's security controls," he said at the time. "Since nearly 7 percent of all iPhones are jailbroken," the bad guys have plenty of targets to choose from.

Read more about wireless/mobile in CSOonline's Wireless/Mobile section.

Join the PC World newsletter!

Error: Please check your email address.

Tags BlackberryVulnerabilitiessecurityexploitsspywarehacking

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Bill Brenner

CSO (US)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?