Tyler Shields, senior researcher at Veracode Research Lab developed a proof-of-concept spyware package that demonstrates how simple it is to retrieve private data from a BlackBerry.
The above video demonstrates the spyware package, which he calls TXSBBspy, and uses it to take some very confidential information. In the demonstration, he uses some basic, publicly available functions to remotely dump all email and SMS messages, send the contents via e-mail, and conduct real-time monitoring of phone messages. He also remotely listens to a room using the BlackBerry’s mic, and follows the a user unknowingly by listening to their GPS updates.
This is a hot topic right now for BlackBerry as more users are downloading applications and accepting permissions without fully understanding what they’re allowing the app access to. Personally, I think RIM needs to give very specific instructions to the user about what they’re allowing an app to access. The permissions screen is far too vague.