Wednesday February 10, 2010 2:00 AM AEST

SC Magazine Australia/NZ > News > Mobile > Smartphone > US CERT warns of malware attack against BlackBerry

Vulnerability Alerts

SANS

Infocon: green
Oracle has an unscheduled security alert and patch for CVE-2010-0073. The issue affects WebLogic Server and is remotely exploitable. Details and patch are here http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html, (Tue, Feb 9th)

Microsoft

Microsoft Security Bulletin Advance Notification for February 2010
Microsoft Security Advisory (980088): Vulnerability in Internet Explorer Could Allow Information Disclosure

CERT/CC

Latest Comments

"I too have been a labor voter for many years and will not be voting for them again. The ..."

on Net filter legislation to go public by March

by maxt | Feb 9, 2010 7:56 PM

"I’ve just had a user receive a rehashed version of this with an attached html file containing a ..."

on ATO struck by new phishing scam

by Owen Lutz | Feb 9, 2010 6:01 PM

"hi"

on Chinese hacker school shut down

by manish kumar | Feb 9, 2010 4:27 PM

"Hey 'hey con-roy' ... from Google Australia's head of policy Iarla Flynn"We don't believe that ..."

on Conroy meets with Google for YouTube filtering

by Keep it real | Feb 9, 2010 3:33 PM

"@penno Off-site storage is a good solution unless you have some decent backup software to ..."

on Opinion: My holiday tip - backup your data now

by Charmgene | Feb 9, 2010 2:36 PM

Smartphone

US CERT warns of malware attack against BlackBerry

PhoneSnoop app compromises privacy.

The United States Computer Emergency Readiness Team (USA-CERT) has issued an alert over a free application for the BlackBerry which allows users to listen in on other people’s calls.

The software needs to be installed on a target device by someone with access to it, or by tricking the user into downloading the application. Once installed, a third party can listen in on any calls.

“You install and run PhoneSnoop on a victims’ BlackBerry,” wrote the application’s author in his blog.

“PhoneSnoop sets up a PhoneListener and waits for an incoming call from a specific number. Once it detects a call from that specific number, it automatically answers the victims’ phone and puts the phone into SpeakerPhone mode. This way, the attacker that called can now hear what’s going on at the victims end.”

Gunasekera said that the software was written as a proof of concept to show how easy it would be to turn the BlackBerry into a bugging device. While it is not on general release the code is in circulation, which may have prompted the US-CERT alert.

He says that the application is easily detectable as it shows up on the applications page, unlike other phone bugging software like Flexispy and Mobile Spy. He has also released a tool to allow BlackBerry users to see what applications are hidden on their handsets.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Mobile Whitepapers

US CERT warns of malware attack against BlackBerry

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management