Wednesday, April 28, 2010
Asian security researcher known as "chopstick", released PhoneSnoop a freely available blackberry app that if installed will allow a remote computer to covertly call the blackberry, activate the speakerphone feature and allow remote audio bugging! Now this nasty little app was released at the Hack-n-a-Box security conference in Malaysia last October. It recently has shaken up government organizations such as US-CERT to issue warnings.
Remember in the news when President Obama had to fight to keep his blackberry after the election? This is a serious threat so try it out on your friends and get back to me.
Download it here and documentation here
A potential fix for enterprise blackberry users would be to deny "Input Simulation" option on the BES server.