The Telecommunications Regulatory Authority voiced fears that the BlackBerry manages data in a way that could allow it to be misused. “As a result of how Blackberry data is managed and stored, in their current form, certain Blackberry applications allow people to misuse the service, causing serious social, judicial and national security repercussions,” the regulator said in a statement carried on the state news agency late Sunday. Continue reading ‘More BlackBerry Security Concerns in the United Arab Emirates’
Mobile Spy is software for BlackBerry that is used to silently record user activity of children or employees. The app logs usage information which is then viewable online in real time. Several log types are included such as entire SMS text messages, actual GPS locations and call information. All logs can be reviewed from anywhere inside a secure online control panel.
With Mobile Spy version 4.0, employers and parents now have the ability to view every photo captured and every email sent or received. Other features added in version 4.0 include the ability to view all contacts, calendar events, memos and identification information of any cell tower the device enters into range of.
Tyler Shields, senior researcher at Veracode Research Lab developed a proof-of-concept spyware package that demonstrates how simple it is to retrieve private data from a BlackBerry.
The above video demonstrates the spyware package, which he calls TXSBBspy, and uses it to take some very confidential information. In the demonstration, he uses some basic, publicly available functions to remotely dump all email and SMS messages, send the contents via e-mail, and conduct real-time monitoring of phone messages. He also remotely listens to a room using the BlackBerry’s mic, and follows the a user unknowingly by listening to their GPS updates.
This is a hot topic right now for BlackBerry as more users are downloading applications and accepting permissions without fully understanding what they’re allowing the app access to. Personally, I think RIM needs to give very specific instructions to the user about what they’re allowing an app to access. The permissions screen is far too vague.
The widespread consumerization and general adoption of smartphones in the workplace is adding another layer of IT complexity. It’s important to remember that carrying a smartphone is similar to having a computer in your pocket. Therefore, these devices face the same security threats as a PC. Along with network vulnerabilities that stem from malware embedded Websites and email attachments, applications are also at risk.
The increased popularity and availability of smartphone applications creates security implications for employees who increasingly download these apps onto their corporate phones. Today’s enterprise is ill equipped to handle the expected wave of device issues resulting from rogue applications. A rogue application could cause a security threat by pulling sensitive data from the network. Continue reading about security and compliance issues facing today’s corporations
During the Etisalat controversy, one company that has been really helpful in determining exactly what is going on is SMobile Systems. They have sent me a technical analysis of the “upgrade” which I think the BlackBerry community would be interested in reading. Click through for a technical analysis of the Etisalat software update
The spyware intercepts emails and drains battery life remarkably fast. According to Chris Eng at Veracode, “the server receiving the initial registration packets (i.e. “Here I am, software is installed!”) got overloaded. Devices kept trying to connect every five seconds to empty the outbound message queue, thereby causing a battery drain. Some people were reporting on official BlackBerry forums that their batteries were being depleted from full charge in as little as half an hour.”
We are living in an age where our smartphones are becoming our personal computers, and therefore the focus of those who want to exploit our personal data in any way they can. Dan Hoffman, CTO of SMobile Systems said it best, “The truth about smartphones is that they are used in the same manner as personal computers and are susceptible to the same threats. It has become clear that smartphone users need to proactively ensure their devices contain the necessary security software to protect not only their e-mail and messaging data, but also to protect their identity and the integrity of their mobile financial transactions.”
