When it comes to mobile security, uninformed journalists are a security researcher’s worst enemy. They have the tendency to make tiny outbreaks look large – after all, they need some content for the front pages…

This has happened with the recent “BlackBerry hack” – let’s see what CNet has to say:

Tyler Shields, a senior researcher at the Veracode Research Lab, has written a piece of spyware that allowed me to shoot an SMS command to his phone and have his contact list forwarded to my e-mail address in a demonstration. With another short text command, I was able to get his BlackBerry to e-mail me any SMS messages he sends.

And if I had wanted–and he had allowed me–I could have seen a log of all his calls, monitored his inbound text messages, tracked his location in real-time based on the GPS (Global Positioning System) in his device and turned his microphone on to listen to conversations in the room and record them.

“It’s trivial to write this type of code using the mobile provider’s own API [application programming interface] they provide to any developer,” Shields said in an interview in advance of his talk on the spyware scheduled for the ShmooCon security show on Sunday.

Hair pulling, eeking and scratching immediately followed. But TamsBlackBerry readers should keep their hair on.

The reason is that this application is not a real threat. It is a remote control application, like hundreds of others which are used every day. It can not be installed remotely – and can’t reproduce itself either.

So, keep your hair on and stay cool…


Related posts:

  1. BlackBerry PlayBook native code hack beats RIMís SDK to the punch
  2. RIM unveils new developer tools. Life for developers made easy…!!
  3. RIM and QNX – the reasons
  4. Google releases “global find” for BlackBerry
  5. Chinese “scam virus” claims 1 million victims

4 Responses to “On the “Blackberry hack””

  1. Evidently there’s a covalent problem with bloggers who don’t read the news articles they review. The point you wanted to make was made in fact by the “uninformed” CNET journalist in the very same article. It appears the shortcoming is your own.

  2. Hi not,
    thank you so much for talking back!

    The point I was trying to make was this: multiple sources quoted the article as “scarepiece”…

    All the best
    Tam Hanna

  3. Thanks for clearing that up Tam. I didn’t catch that intent.

    This app is double edged. Some might use it as a feature as you mention. Others may use it nefariously. This kind of code could be embedded in any of a variety of apps installed by an unwitting user. The fact that the user must first install the software does not make it “not a real threat”. It only changes the description of the threat.

    Still it is a good point you made that there is no news in this. There actually are no systems entirely immune from this type of attack.

  4. Hi,
    full ACK!

    Hope you continue to enjoy the TCN! BTW – I might start BlackBerry software reviews soon!

    Tam

Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe without commenting

© 2013 TamsBlackBerry - the BlackBerry blog Suffusion theme by Sayontan Sinha