[ISN] RIM unconcerned by BlackBerry bugging software

From: InfoSec News (alerts@private)
Date: Thu Jul 05 2007 - 23:27:55 PDT


http://www.zdnet.com.au/news/hardware/soa/RIM-unconcerned-by-BlackBerry-bugging-software/0,130061702,339279555,00.htm

By Brett Winterford
ZDNet Australia
04 July 2007 

Mobile device manufacturer Research in Motion (RIM) is unconcerned about 
a new release of software that aims to compromise the security of a 
BlackBerry device.

As reported yesterday, the latest version of legal spying software 
FlexiSPY enables remote third parties to bug the voice calls, log SMS 
and mobile e-mail messages and track the location of a BlackBerry user.

Ian Robertson, senior manager of security and research at RIM, said 
users need not be particularly worried about the capability of FlexiSPY.

"While it's the subject of some debate, I don't consider it a virus nor 
a Trojan, as it does require conscientious effort from the user to load 
the program," he said.

Robertson said an average user who maintains good hygiene would never 
see the software loaded onto their device without their knowledge.

There are some basic steps, he said, that users can take to protect 
themselves.

First, a user should set a password for their device so that nobody else 
can physically load the application. "This is the same for any device, 
be it a laptop or a smartphone," he said.

Second, the user should only load applications from known and trusted 
sources.

"With those two methods alone, no surreptitious software can be 
inadvertently loaded onto the device," he said.

Finally, the BlackBerry service comes with a built-in software firewall. 
"If it isn't enabled already, be sure to have it switched on," Robertson 
said.

The firewall would, in the case of FlexiSPY being active, prompt the 
user that something is trying to access the device.

"It would say something like -- this application wants to make a 
connection to the device -- cancel or allow?"

Robertson said that it is not entirely true that the FlexiSPY 
application works without the user knowing they are being spied upon.

"There are ways you can tell if the program is loaded onto the device," 
he said. "First, the control panel for the application makes use of SMS 
messages, which don't appear like regular messages. Second, the 
application is visible if one views the files loaded onto the device."

That's assuming, of course, that a user has the technical nous to 
understand their BlackBerry's control panel.

Robertson said that despite the marketing of sinister applications such 
as FlexiSPY, BlackBerry users are protected.

"We provide a fantastic platform and rich controls to allow security to 
be tailored to meet an organisation's needs," he said. "There are over 
250 IT policies and complete application control -- far and away beyond 
anything else in this space."

Concerned users can read white papers on protecting their BlackBerry 
from malware here.





This archive was generated by hypermail 2.1.3 : Thu Jul 05 2007 - 23:35:41 PDT