BlackBerry 'spyware' can steal secrets

BlackBerry 'spyware' can steal secrets

Brett Winterford and Munir Kotadia, ZDNet Australia

03 July 2007 06:30 PM

Research in Motion's (RIM) BlackBerry which is popular with corporate users due to its secure management of mobile e-mail is vulnerable to 'legal' spyware that has been classified as a Trojan by several security vendors.

RIM's BlackBerry has won significant market share in the corporate sector due to a perception that it is impervious to security attacks.

But an updated version of the FlexiSPY application, considered a security threat by most IT security vendors, enables a remote attacker to tap into phone calls and e-mails sent to and from a Blackberry-enabled device.

"This is the first [Trojan] for a BlackBerry we have ever seen," said Patrik Runald, senior security specialist with F-Secure.

Marketed as a spyware device for BlackBerry phones, the FlexiSPY application by Bangkok-based manufacturer Vervata is sold on the premise that it can "spill BlackBerry secrets."

Once physically installed on a mobile device, a remote user is given complete monitoring and access control.

This includes bugging voice calls, logging mobile e-mail messages and SMS, tracking the location of the user, or even remotely switching on the phone's microphone to bug a user regardless of whether they are on a call.

While FlexiSPY also works on Windows Mobile and Symbian-based devices, and is sold on the premise of catching a cheating spouse, 'disloyal' employee or for the monitoring children, there can be no doubt that a BlackBerry targeted version is aimed squarely at corporate espionage.

Its use in a boardroom, for example, could have catastrophic implications for any organisation.

RIM, manufacturer of the BlackBerry, was unavailable for comment by press time.

The full artcle can be found HERE