>From - Sat Mar 02 00:57:16 2024
Received: by 10.36.134.3 with SMTP id h3mr7340345nzd.1183482799827;
Tue, 03 Jul 2007 10:13:19 -0700 (PDT)
Return-Path: <andre..._at_gmail.com>
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.235])
by mx.google.com with ESMTP id x35si2627360nzg.2007.07.03.10.13.18;
Tue, 03 Jul 2007 10:13:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of andre..._at_gmail.com designates 66.249.82.235 as permitted sender)
DomainKey-Status: good (test mode)
Received: by wx-out-0506.google.com with SMTP id h30so1916422wxd
for <TSCM-..._at_googlegroups.com>; Tue, 03 Jul 2007 10:13:18 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
d=gmail.com; s=beta;
h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
b=Tir1EvHxRaJTdrt+3f2v6G3EiKfJm+66m9tlfVTU30MUC97Y0crkQ82ijLSHAuVqyx8wjj4/NwXTIX4s//1MJLukOCnZlHf+CEVX5/3xkDT1f1R/kFGUNee39GstMU/VTSlFg3wv2uNnA8OHjenSdV3oMh4qQ0oNU+zlc53/7og=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=beta;
h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
b=WsHdYiQRfJN0ClDpCc4xr9NMBWTr1TqauElzLDhmFmqM7K+t8wnC9ik8bCOI6WwLB/E/Bxcr0GrK4enSbZAfCTMO1owaL5BhCjKrvIwueSG3L//n4SbGCTMjGvjFFLpTlj0xIRQySKYZRzq3y8Vh2K70xVAp8ZmXZ+IUgCA/V7s=
Received: by 10.70.87.11 with SMTP id k11mr9305941wxb.1183482797871;
Tue, 03 Jul 2007 10:13:17 -0700 (PDT)
Received: by 10.70.56.16 with HTTP; Tue, 3 Jul 2007 10:13:17 -0700 (PDT)
Message-ID: <9d03f28f0707031013y236f3a8cg94ac19a87cb09231_at_mail.gmail.com>
Date: Tue, 3 Jul 2007 13:13:17 -0400
From: "Andre Ludwig" <andre..._at_gmail.com>
To: TSCM-L2006_at_googlegroups.com
Subject: Re: [TSCM-L] {1754} Poisonous Blackberry's
In-Reply-To: <7.0.1.0.2.20070703123628.13d2d788_at_tscm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
References: <7.0.1.0.2.20070703123628.13d2d788_at_tscm.com>
It gets better...
So not only can the person who install flexispy have access to your
information, but the entire world does as well.
http://airscanner.com/security/07062901_flexispy.htm
The most interesting part of it all...
Update (070629):
According to an anonymous source who contacted us after this was
posted on Bugtraq, the FlexiSPY web application was previously
discovered by numerous people and has been exploited repeatedly.
Andre Ludwig
On 7/3/07, James M. Atkinson <jm..._at_tscm.com> wrote:
>
>
> I have been ranting for several years now about this kind of problem.
>
> -jma
>
>
> http://www.zdnet.com.au/news/security/soa/Blackberry-spyware-can-steal-secrets/0,130061744,339279501,00.htm
>
> Blackberry 'spyware' can steal secrets
>
> By Brett Winterford and Munir Kotadia, ZDNet Australia
> July 03, 2007
>
> Research in Motion's (RIM) Blackberry which is popular with corporate
> users due to its secure management of mobile e-mail is vulnerable to
> 'legal' spyware that has been classified as a Trojan by several
> security vendors.
>
> RIM's Blackberry has won significant market share in the corporate
> sector due to a perception that it is impervious to security attacks.
>
> But an updated version of the FlexiSPY application, considered a
> security threat by most IT security vendors, enables a remote
> attacker to tap into phone calls and e-mails sent to and from a
> Blackberry-enabled device.
>
> "This is the first [Trojan] for a Blackberry we have ever seen," said
> Patrik Runald, senior security specialist with F-Secure.
>
> Marketed as a spyware device for Blackberry phones, the FlexiSPY
> application by Bangkok-based manufacturer Vervata is sold on the
> premise that it can "spill Blackberry secrets."
>
> Once physically installed on a mobile device, a remote user is given
> complete monitoring and access control.
>
> This includes bugging voice calls, logging mobile e-mail messages and
> SMS, tracking the location of the user, or even remotely switching on
> the phone's microphone to bug a user regardless of whether they are on a call.
>
> While FlexiSPY also works on Windows Mobile and Symbian-based
> devices, and is sold on the premise of catching a cheating spouse,
> 'disloyal' employee or for the monitoring children, there can be no
> doubt that a Blackberry targeted version is aimed squarely at
> corporate espionage.
>
> Its use in a boardroom, for example, could have catastrophic
> implications for any organisation.
>
> RIM, manufacturer of the Blackberry, was unavailable for comment by press time.
>
>
> ----------------------------------------------------------------------------------------------------
> World Class, Professional, Ethical, and Competent Bug Sweeps, and
> Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
> ----------------------------------------------------------------------------------------------------
> James M. Atkinson Phone: (978) 546-3803
> Granite Island Group Fax: (978) 546-9467
> 127 Eastern Avenue #291 Web: http://www.tscm.com/
> Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
> ----------------------------------------------------------------------------------------------------
> We perform bug sweeps like it's a full contact sport, we take no prisoners,
> and we give no quarter. Our goal is to simply, and completely stop the spy.
> ----------------------------------------------------------------------------------------------------
>
>
>
>
> >
>
Received on Sat Mar 02 2024 - 00:57:16 CST