Monday, February 8, 2010

Filled Under: ,

BlackBerry Smoked at ShmooCon : Spyware

Just few days ago the big ShmooCon 2010 took place at the Washington DC from 5th to 7th of this month. It was obvious that some new would come from the con, and yes, one security researcher have done it. BlackBerry Smoked at ShmooCon : Spyware

BlackBerry phones have been hit this time with a new spyware which can do alot of stuff like the ability to access and dump the BlackBerry's contacts, email messages, phone logs, the device's current location and the recording made by the BlackBerry's microphone….

 

And the program which hacks the blackberry is called txsBBSPY written by Tyler Shields, a senior security researcher at Veracode, Well it seems that the engineers would be working on it.

 

The great thing about this software is that we don't need to make it hidden on some firmware or something its an application for the BlackBerry phones. Just install it and you can monitor the stuff you want to do.

 

The application was built using the controlled APIs that Research In Motion, the BlackBerry's maker, makes available to developers. In order to sign a BlackBerry application developed using these APIs, the developer has to apply for the signing keys and pay a small fee.

 

Once he has the keys, he can sign the application and a hash of the code is sent to RIM. However, RIM doesn't get the full source code of the application.

 

"Finally, it should be noted that while we chose BlackBerry for our proof-of-concept, this is not just a BlackBerry problem. All mobile platforms provide similar mechanisms for writing applications that have access to the user’s personal, potentially sensitive information," Eng writes.

 

 

TXSBBSpy Demo from Veracode on Vimeo.

 

 

Here is the video which they have used to demonstrate the idea behind this spyware. Hope you guys enjoy it and there are some good news too which adds fire to this thing is that these guys have also released the spyware source code.

 

Here are the source codes and the slides of this demonstration which you will need more then me.

Slides: Blackberry Mobile Spyware — The Monkey Steals the Berries
Source: txsBBSpy.java

Conclusion

This brings me to a conclusion that its not necessary that the official App stores are always safe as the if i could make this application and distribute in the open then anybody can do that.

 

Well that's what they also want to prove with this spyware to the industry and it makes sense to me as they have also said this can be done to many of the other mobile phones like iPhones etc.

 

Happy Hacking @hackerthedude

blog comments powered by Disqus