February 8, 2010
We’ve heard a lot about security issues with the iPhone, but the BlackBerry isn’t immune to threats from malicious apps.
[efoods]Tyler Shields, a senior researcher at the Veracode Research Lab, has written a piece of spyware that allowed me to shoot an SMS command to his phone and have his contact list forwarded to my e-mail address in a demonstration. With another short text command, I was able to get his BlackBerry to e-mail me any SMS messages he sends.
And if I had wanted–and he had allowed me–I could have seen a log of all his calls, monitored his inbound text messages, tracked his location in real-time based on the GPS (Global Positioning System) in his device and turned his microphone on to listen to conversations in the room and record them.
“It’s trivial to write this type of code using the mobile provider’s own API [application programming interface] they provide to any developer,” Shields said in an interview in advance of his talk on the spyware scheduled for the ShmooCon security show on Sunday.