BlackBerry users warned by US-CERT on eavesdropping PhoneSnoop application

28 October 2009

The ability of the latest BlackBerry series of mobile phones to create a secondary remote eavesdropping voice stream has reached the headlines again, with the US Computer Emergency Readiness Team (US-CERT) issuing a warning about a new application called PhoneSnoop.

PhoneSnoop can only be installed by someone with physical access to the BlackBerry, Infosecurity understands, but CERT said that if a remote user tricks the owner of the smartphone into installing the software, it will allow the monitoring of voice calls from afar.

The author of the application, Sheran Gunasekera, director of security for Hermis Consulting in Indonesia, is reported to have coded the software to highlight the security issues that still exist with the BlackBerry smartphone.

Reports of the technology on which PhoneSnoop is apparently based first started appearing in the summer, when users on the Etisalat network in the Middle East were sent a text message by the network operator.

The text message encouraged BlackBerry users to download and install a software upgrade over the air.

By late July, Etisalat user forums were full of reports that the new software ran the BlackBerry's batteries down more quickly than normal, as it could - under certain circumstances - trigger remote eavesdropping of the voice channel.

The saga caused Research in Motion, the Canadian firm that developed the BlackBerry family of smartphones, to issue an eight-page press statement saying that it did not authorise the software installation and "was not involved in any way in the testing, promotion or distribution of this software application".

"Independent sources have concluded that it is possible that the installed software could... enable unauthorised access to private or confidential information stored on the user's smart phone", the company said in its statement.

Gunasekera has not said how his PhoneSnoop software works, but unconfirmed sources suggest it is similar in operation to elements of the software that Etisalat reportedly texted its BlackBerry users to download.

This article is featured in:
Wireless and Mobile Security

 
