US-CERT Warns Of BlackBerry-Spying Application

Free PhoneSnoop app listens in on BlackBerry users

Oct 29, 2009 | 01:11 PM

By Kelly Jackson Higgins
DarkReading

US-CERT has issued a warning about a new, free BlackBerry application that turns the phone into a bugging device.

PhoneSnoop runs on the victim's phone. When the attacker dials the targeted BlackBerry, the app silently answers the call and turns on the speakerphone, letting the attacker listen to everything within earshot of the device. "It's as if someone called you, you picked up your phone, left the speakerphone on, [and left the call connected]," says Eric Chien, senior manager for security response at Symantec. The app has to be configured with the attacker's phone number; it answers calls from that number automatically and almost instantly, to evade detection, he says.

Sheran Gunasekera, the developer of PhoneSnoop, says he was surprised US-CERT identified his app in an advisory. "I am happy that they did, though, because it's one step further in getting the word out," says Gunasekera, who is director of IT security at Hermis Consulting in Jakarta, Indonesia. "I think the reason my app was flagged was because it's free and more easily accessible" than more expensive commercial spy tools.

Gunasekera -- who says his app was intended as a proof-of-concept of how smartphones could be abused -- says he wanted his tool to let more users see what the threat could really be. "Although I did my best to make the app non-stealthy, I guess CERT thought it still had potential for abuse," he says.

The attacker would have to either get physical access to the victim's BlackBerry to install PhoneSnoop or send it disguised as another app, Symantec's Chien says. The attacker also has to configure it with his own phone number so the app can recognize the incoming call, answer it automatically, and engage the speakerphone. "Someone could take this concept and package it as a game, for example," to get the victim to install it, he says.

The call itself is relatively inconspicuous. "The chances of your seeing the call coming in are very [slim]. It's designed so that you won't hear the phone ring," Chien says. "Your chances of beating the app [to the call] are very low."
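As an added example (not code from the article, from PhoneSnoop, or from a BlackBerry API), the trigger logic described above modelled in Python, followed by the call-log heuristic a defender would use to spot it: an inbound call from a number not in the address book that was "answered" before a human could have reacted. The call-log line format, the contact list, the phone numbers and the one-second threshold are all constructed assumptions; stock device call logs usually do not record ring-to-answer time, so an export like this would have to come from a tool with access to the phone API.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed call-log export in a made-up line format (not BlackBerry output):
# timestamp direction caller ring=<seconds before answer> answered=<0|1>
# speaker=<0|1> dur=<seconds>.  Lines 1 and 5 are the same attacker number
# written two ways; line 6 is a known contact the user answered quickly.
SAMPLE_LOG = """\
2009-10-29T13:11:02 IN  +1-555-010-0100 ring=0.2  answered=1 speaker=1 dur=412
2009-10-29T13:40:17 IN  +1-555-010-0199 ring=6.5  answered=1 speaker=0 dur=95
2009-10-29T14:02:44 IN  555-010-0123    ring=12.0 answered=0 speaker=0 dur=0
2009-10-29T15:15:09 OUT +1-555-010-0188 ring=0.0  answered=1 speaker=1 dur=30
2009-10-29T18:30:01 IN  15550100100     ring=0.1  answered=1 speaker=1 dur=1800
2009-10-29T19:05:33 IN  555-010-0199    ring=0.4  answered=1 speaker=0 dur=60
-- end of export --
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<dir>IN|OUT)\s+(?P<caller>\S+)\s+"
    r"ring=(?P<ring>\d+(?:\.\d+)?)\s+answered=(?P<ans>[01])\s+"
    r"speaker=(?P<spk>[01])\s+dur=(?P<dur>\d+)$"
)


@dataclass
class CallRecord:
    ts: str
    inbound: bool
    caller: str
    ring_seconds: float
    answered: bool
    speaker: bool
    duration: int


def normalize_number(raw: str) -> str:
    """Compare numbers on their trailing 10 digits so that '+1-555-010-0100'
    and '15550100100' match; caller-ID formatting varies by carrier."""
    digits = re.sub(r"\D", "", raw)
    return digits[-10:]


def snoop_should_answer(caller_id: str, configured_number: str) -> bool:
    """The trigger condition the article describes: the app answers only calls
    from the number the attacker configured and leaves every other call alone."""
    return normalize_number(caller_id) == normalize_number(configured_number)


def parse_log(text: str) -> List[CallRecord]:
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip trailer/malformed lines rather than abort the scan
        records.append(CallRecord(
            ts=m["ts"],
            inbound=m["dir"] == "IN",
            caller=m["caller"],
            ring_seconds=float(m["ring"]),
            answered=m["ans"] == "1",
            speaker=m["spk"] == "1",
            duration=int(m["dur"]),
        ))
    return records


def suspicious_calls(records, contacts, ring_threshold=1.0):
    """Flag inbound calls answered before a human could have reacted (ring time
    below ring_threshold seconds) from a number not in the address book.
    Outbound calls, unanswered calls and quick answers from known contacts are
    left alone to keep the false-positive rate down."""
    known = {normalize_number(c) for c in contacts}
    flagged = []
    for r in records:
        if not (r.inbound and r.answered):
            continue
        if r.ring_seconds >= ring_threshold:
            continue
        if normalize_number(r.caller) in known:
            continue
        flagged.append(r)
    return flagged


if __name__ == "__main__":
    contacts = ["+1 (555) 010-0199", "555-010-0188"]  # constructed address book
    for r in suspicious_calls(parse_log(SAMPLE_LOG), contacts):
        print(f"{r.ts} from {r.caller}: answered after {r.ring_seconds}s, "
              f"speaker={'on' if r.speaker else 'off'}, {r.duration}s long")
```

The speakerphone flag is reported but not used as a condition, because an attacker need not use the speaker if the handset microphone alone is enough; the near-zero ring time from an unknown caller is the signal that survives whatever the tool does after answering.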

PhoneSnoop's creator, meanwhile, says his goal with the app was to raise awareness of this type of snooping vulnerability in the smartphone. Gunasekera says he plans to release a paper on how to protect against such a snooping attack. He also has released a tool aimed at detecting hidden programs and processes on the devices, called Kisses.

"I'm quite keen in driving up the awareness and also helping users protect themselves, so I'll be working on constantly updating both sets of tools, and they will be released free of charge," Gunasekera says.

But the problem isn't in the BlackBerry platform, he notes. "It's the users. The only way attacks like this can succeed is because people can be tricked or social-engineered. For example, I can release my application disguised as a game or a simple picture slide show/wallpaper downloader. While it appears harmless to a user, in reality it's actually spying on him," Gunasekera says. "Alternatively, I can physically install the tool on a phone."
