The Latest BlackBerry Spyware Scare: Don't Worry, Yet

Boo! New BlackBerry spyware can supposedly steal all your e-mail, listen in on voicemail messages and even wipe your smartphone clean. But CIO.com's BlackBerry guru Al Sacco isn't too worried. Here's why.

Mon, February 08, 2010

CIO UPDATE: Since this story was originally posted, it has been updated to include additional information from Veracode Research's Tyler Shields.

Here we go again. Another BlackBerry security scare, in which some "noble" researcher explains to all of us blissfully unaware BlackBerry users that our precious devices aren't nearly as safe as we think they are.

Lions, tigers, mobile spyware. Oh my.




This time it's security software maker Veracode decrying the BlackBerry's weaknesses. More specifically, Tyler Shields, a senior researcher with Veracode Research Lab, has put together and publicly released some proof-of-concept spyware code, dubbed TSXBBSpy, that can reportedly wipe a BlackBerry clean, distribute on-board data via e-mail and monitor voice-mail messages in real time.

Why would Shields release the source code for such an app? Well, to show the world "how easy it is to write," of course.

Sounds frightening, right? Well, yes and no. First of all, such malicious software really isn't new. We've seen similar "spyware" emerge over the past couple of years with the growing popularity of the BlackBerry platform among RIM's traditional enterprise customer base and in the massive consumer ranks.

The most recent example that comes to mind is PhoneSnoop, which could "turn your BlackBerry into a remote listening device." This app could indeed record your phone calls and send them to a third party, but you had to not only install the suspicious app but also grant it permission to access your phone activity. As my friend, colleague and security pro Ariel Silverstone put it in his blog post on the subject:

"It took over ten years for such a 'hack' as the listening software to be available. And it is not even a hack. It is no more a hack than a user being asked, in bold letters, to perform five steps to install spyware software on their pc...If someone does all of [this] they should be reminded how to buckle their belts on every airliner they board, and they indeed do not deserve a berry."

Ariel's point: Sure, software exists that can "hack" into your BlackBerry and potentially perform all sorts of nefarious deeds. But the security safeguards built into RIM's BlackBerry OS make it extremely difficult for miscreants to do so without the approval, and often assistance, of the BlackBerry user.

Like much online malware, the BlackBerry spyware apps rely on human error, and protecting yourself and your users calls for education: education about the potential threats, and how you should never install questionable apps or software from suspicious sources; education on how the BlackBerry OS and its associated security protections work, i.e., when to grant changes to permissions and when to be cautious; and education about how to get the most from your BlackBerry smartphone in general without subjecting yourself and your organization to undue risk. In other words, always use a password and don't let your device out of your sight where someone could install spyware without your knowledge.
