BlackBerry, other smartphone users easy spy targets
IPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset's location via GPS.
And ironically, Sheran Gunasekera, head of research and development at ZenConsult, said the BlackBerry is one of the most secure smartphones available, in some ways better than the iPhone.
"There is no technical way of hacking a BlackBerry, it's impossible," said Gunasekera, during a presentation at the Hack In The Box security conference in Kuala Lumpur. "It's just too secure for that. So we have to rely on social engineering."
For hackers, social engineering is the art of tricking someone into loading spyware onto a device or finding some other way to install it, such as borrowing the device and downloading malware from the Internet or a MicroSD card, for example.
One way to entice a BlackBerry user to download spyware onto their smartphone is by offering a free application that appears to be a game or some other harmless software, but in fact carries a dangerous payload. Enticing slideshows are even easier to get users to accept, Gunasekera said.
"I will have the slideshow running on top and the spyware doing its nastiness on the bottom," he said.
What kind of nastiness?
A small piece of software able to conceal itself by not appearing on the BlackBerry's application menu, nor taking up much memory space nor using much processing power, can allow a hacker to do all kinds of things.
"People tend to put a lot of personal data on a BlackBerry," he said, but it's not just the data on the phone that's at risk.
Spyware on a BlackBerry could intercept a phone call and let the hacker listen in, or even let the hacker listen to a meeting the victim is sitting in on. By silently answering the victim's phone, then turning on the speakerphone, the spyware could allow the hacker to overhear the meeting. It could also forward incoming and outgoing text messages to the hacker, and even enable the hacker to write messages from the victim's BlackBerry, or run up the victim's phone bill by making international calls.
The hacker could also program the spyware to have the handset's camera take pictures every 10 seconds, for example, to see find out the victim's location.
One recent example shows a massive installation of spyware on BlackBerry phones in the United Arab Emirates.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
HITB
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
