[ISN] RIM unconcerned by BlackBerry bugging software

From: InfoSec News (alerts@private)
Date: Thu Jul 05 2007 - 23:27:55 PDT


By Brett Winterford
ZDNet Australia
04 July 2007 

Mobile device manufacturer Research in Motion (RIM) is unconcerned about 
a new release of software that aims to compromise the security of a 
BlackBerry device.

As reported yesterday, the latest version of legal spying software 
FlexiSPY enables remote third parties to bug the voice calls, log SMS 
and mobile e-mail messages and track the location of a BlackBerry user.

Ian Robertson, senior manager of security and research at RIM, said 
users need not be particularly worried about the capability of FlexiSPY.

"While it's the subject of some debate, I don't consider it a virus nor 
a Trojan, as it does require conscientious effort from the user to load 
the program," he said.

Robertson said an average user that maintains good hygiene would never 
see the software loaded onto their device without their knowledge.

There are some basic steps, he said, that users can take to protect 

First, a user should set a password for their device so that nobody else 
can physically load the application. "This is the same for any device, 
be it a laptop or a smartphone," he said.

Second, the user should only load applications from known and trusted 

"With those two methods alone, no surreptitious software can be 
inadvertently loaded onto the device," he said.

Finally, the BlackBerry service comes with a built-in software firewall. 
"If it isn't enabled already, be sure to have it switched on," Robertson 

The firewall would, in the case of FlexiSPY being active, prompt the 
user that something is trying to access the device.

"It would say something like -- this application wants to make a 
connection to the device -- cancel or allow?"

Robertson said that it is not entirely true that the FlexiSPY 
application works without the user knowing they are being spied upon.

"There are ways you can tell if the program is loaded onto the device," 
he said. "First, the control panel for the application makes use of SMS 
messages, which don't appear like regular messages. Second, the 
application is visible if one views the files loaded onto the device."

That's assuming of course, that a user has the technical nous to 
understand their BlackBerry's control panel.

Robertson said that despite the marketing of sinister applications such 
as FlexiSPY, BlackBerry users are protected.

"We provide a fantastic platform and rich controls to allow security to 
be tailored to meet an organisation's needs," he said. "There are over 
250 IT policies and complete application control -- far and away beyond 
anything else in this space."

Concerned users can read white papers on protecting their BlackBerry 
from malware here.

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Thu Jul 05 2007 - 23:35:41 PDT