Re: [TSCM-L] {1756} Re: Poisonous Blackberry's

From: kondrak <kon..._at_phreaker.net>
Date: Wed, 04 Jul 2007 16:46:16 -0400

Andre Ludwig wrote:
> It gets better...
>
> So not only can the person who installs FlexiSPY have access to your
> information, but the entire world does as well.
>
> http://airscanner.com/security/07062901_flexispy.htm
>
>
> The most interesting part of it all...
> Update (070629):
> According to an anonymous source who contacted us after this was
> posted on Bugtraq, the FlexiSPY web application was previously
> discovered by numerous people and has been exploited repeatedly.
>
> Andre Ludwig
>
> On 7/3/07, James M. Atkinson <jm..._at_tscm.com> wrote:
>>
>> I have been ranting for several years now about this kind of problem.
>>
>> -jma
>>
>>
>> http://www.zdnet.com.au/news/security/soa/Blackberry-spyware-can-steal-secrets/0,130061744,339279501,00.htm
>>
>> Blackberry 'spyware' can steal secrets
>>
>> By Brett Winterford and Munir Kotadia, ZDNet Australia
>> July 03, 2007
>>
>> Research in Motion's (RIM) Blackberry, which is popular with corporate
>> users due to its secure management of mobile e-mail, is vulnerable to
>> 'legal' spyware that has been classified as a Trojan by several
>> security vendors.
>>
>> RIM's Blackberry has won significant market share in the corporate
>> sector due to a perception that it is impervious to security attacks.
>>
>> But an updated version of the FlexiSPY application, considered a
>> security threat by most IT security vendors, enables a remote
>> attacker to tap into phone calls and e-mails sent to and from a
>> Blackberry-enabled device.
>>
>> "This is the first [Trojan] for a Blackberry we have ever seen," said
>> Patrik Runald, senior security specialist with F-Secure.
>>
>> Marketed as a spyware device for Blackberry phones, the FlexiSPY
>> application by Bangkok-based manufacturer Vervata is sold on the
>> premise that it can "spill Blackberry secrets."
>>
>> Once physically installed on a mobile device, a remote user is given
>> complete monitoring and access control.
>>
>> This includes bugging voice calls, logging mobile e-mail messages and
>> SMS, tracking the location of the user, or even remotely switching on
>> the phone's microphone to bug a user regardless of whether they are on a call.
>>
>> While FlexiSPY also works on Windows Mobile and Symbian-based
>> devices, and is sold on the premise of catching a cheating spouse,
>> 'disloyal' employee or for the monitoring of children, there can be no
>> doubt that a Blackberry-targeted version is aimed squarely at
>> corporate espionage.
>>
>> Its use in a boardroom, for example, could have catastrophic
>> implications for any organisation.
>>
>> RIM, manufacturer of the Blackberry, was unavailable for comment by press time.
>>
>>
>> ----------------------------------------------------------------------------------------------------
>> World Class, Professional, Ethical, and Competent Bug Sweeps, and
>> Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
>> ----------------------------------------------------------------------------------------------------
>> James M. Atkinson Phone: (978) 546-3803
>> Granite Island Group Fax: (978) 546-9467
>> 127 Eastern Avenue #291 Web: http://www.tscm.com/
>> Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
>> ----------------------------------------------------------------------------------------------------
>> We perform bug sweeps like it's a full contact sport, we take no prisoners,
>> and we give no quarter. Our goal is to simply, and completely stop the spy.
>> ----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:16 CST
