PhoneSnoop – DHS Warns Blackberry Users About App

The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) is warning BlackBerry users about a spyware program that allows attackers to turn a target’s handset into a microphone that can be accessed remotely.

Source

From Search Security

The U.S. Computer Emergency Readiness Team is warning Blackberry users about new software that could be used by hackers to turn the smartphone into a listening device.

An application called PhoneSnoop can configure the phone’s speakerphone function to enable a hacker to listen to surrounding conversations remotely. The software uses a Blackberry API to intercept incoming calls. Once the software is downloaded and installed, the software is triggered by a simple phone call, placing the device into speakerphone mode.

Sheran Gunasekera, the developer of the snooping application, wrote on his blog that he wanted to shed light on the threats posed by careless use of Blackberry smartphones. Gunasekera said the application can be easily detected and is visible in the Blackberry user interface.

“While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware,” Gunasekera wrote.

Gunasekera posted a YouTube video demonstrating how PhoneSnoop works. He introduced the tool on Oct. 19, but only made the software available for download Oct. 23, tweaking it to allow users to create a customized trigger number.

The US-CERT warned Blackberry users to password protect their devices and only download software from trusted sources.

“This software allows an attacker to call a user’s BlackBerry and listen to personal conversations,” the US-CERT said. In order to install and setup the PhoneSnoop application, attackers must have physical access to the user’s device or convince a user to install PhoneSnoop.”

Read Full Article