PhoneSnoop – DHS Warns Blackberry Users About App

The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) is warning BlackBerry users about a spyware program that allows attackers to turn a target’s handset into a microphone that can be accessed remotely.

Source

From Search Security

The U.S. Computer Emergency Readiness Team is warning Blackberry users about new software that could be used by hackers to turn the smartphone into a listening device.

An application called PhoneSnoop can configure the phone’s speakerphone function to enable a hacker to listen to surrounding conversations remotely. The software uses a Blackberry API to intercept incoming calls. Once the software is downloaded and installed, the software is triggered by a simple phone call, placing the device into speakerphone mode.

Sheran Gunasekera, the developer of the snooping application, wrote on his blog that he wanted to shed light on the threats posed by careless use of Blackberry smartphones. Gunasekera said the application can be easily detected and is visible in the Blackberry user interface.

“While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware,” Gunasekera wrote.

Gunasekera posted a YouTube video demonstrating how PhoneSnoop works. He introduced the tool on Oct. 19, but only made the software available for download Oct. 23, tweaking it to allow users to create a customized trigger number.

The US-CERT warned Blackberry users to password protect their devices and only download software from trusted sources.

“This software allows an attacker to call a user’s BlackBerry and listen to personal conversations,” the US-CERT said. In order to install and setup the PhoneSnoop application, attackers must have physical access to the user’s device or convince a user to install PhoneSnoop.”

Read Full Article

Is Your Cell Phone Spying On You?

Don’t talk: your cell phone may be eavesdropping. Thanks to recent developments in “spy phone” software, a do-it-yourself spook can now wirelessly transfer a wiretapping program to any mobile phone. The programs are inexpensive, and the transfer requires no special skill. The would-be spy needs to get his hands on your phone to press keys authorizing the download, but it takes just a few minutes—about the time needed to download a ringtone.

This new generation of -user-friendly spy-phone software has become widely available in the last year—and it confers stunning powers. The latest programs can silently turn on handset microphones even when no call is being made, allowing a spy to listen to voices in a room halfway around the world. Targets are none the wiser: neither call logs nor phone bills show records of the secretly transmitted data.

More than 200 companies sell spy-phone software online, at prices as low as $50 (a few programs cost more than $300). Vendors are loath to release sales figures. But some experts—private investigators and consultants in counter-wiretapping, computer-security software and telecommunications market research—claim that a surprising number of people carry a mobile that has been compromised, usually by a spouse, lover, parent or co-worker. Many employees, experts say, hope to discover a supervisor’s dishonest dealings and tip off the top boss anonymously. Max Maiellaro, head of Agata Christie Investigation, a private-investigation firm in Milan, estimates that 3 percent of mobiles in France and Germany are tapped, and about 5 percent or so in Greece, Italy, Romania and Spain. James Atkinson, a spy-phone expert at Granite Island Group, a security consultancy in Gloucester, Massachusetts, puts the number of tapped phones in the U.S. at 3 percent. (These approximations do not take into account government wiretapping.) Even if these numbers are inflated, clearly many otherwise law-abiding citizens are willing to break wiretapping laws.

Source