Published on the 11/11/2009 | Written by Newsdesk
Could your competitors be listening in on your business calls? A simple BlackBerry app makes corporate espionage easy – at least in theory…
As if there weren’t already enough IT security threats for business people to worry about, Symantec has found a new one: a bugging application downloadable onto BlackBerry handsets called PhoneSnoop.
PhoneSnoop is an application that allows someone to remotely and covertly listen in on a BlackBerry user’s conversation and surroundings. A disturbingly simple piece of software, it uses a standard Blackberry application programming interface (API) that allows the interception of incoming phone calls.
When a call is received from a preconfigured phone number, the call is automatically answered and the BlackBerry device’s speaker phone is turned on. A user whose phone has the application secretly installed would possibly not notice the phone has rung, and would therefore not realise that someone is listening in on their immediate surroundings.
Eric Chien, chief researcher at Symantec’s antivirus research lab, recently wrote about PhoneSnoop on the company’s Security Response blog.
He said the software was currently only a “proof-of-concept” application that had a number of limitations which meant it was unlikely to be an effective tool for corporate espionage.
These limitations included the fact that anyone wanting to install it would need physical access to their target’s handset. It was also possible the phone’s owner would notice the incoming call and while such a covert “bugging” call was active they would be able to tell the phone was connected, as with any normal phone call.
Audio quality through the application was also poor.
“However, overcoming many of these limitations is possible,” Chien warned in his blog post.
“So, while one shouldn’t be worried about this specific implementation, Symantec has previously documented the possible of these types of attacks.”
Details of the possible security issues related to the popular business phone were compiled in a 2007 whitepaper the company published entitled ‘Attack Surface Analysis of Blackberry Devices’.
Chien said because the whitepaper was now two years old, some of the specific details of possible threats that could be launched through the device may have changed, but many of the concepts behind them remained valid.
