A security software company claims that it can remotely access Blackberry phones to listen in on voicemails, wipe data and distribute other information by e-mail.
Veracode Research Lab's proof-of-concept is called TSXBBSpy, released as a "call for defensive research" into Blackberry phones' vulnerability to spyware, Network World reports. Veracode Senior Researcher Tyler Shields said Blackberry is "one of the better operating systems in regards to security," but his code still makes it possible to steal data.
Shields said he released the code to show how easy it is to write Blackberry malware, however, it's worth noting that the program requires deliberate installation by the user. In a response, Blackberry maker Research in Motion stressed that the program "cannot simply install itself stealthily on to a user's device."
CIO's Al Sacco notes that previous Blackberry malware attempts essentially required the same level of permission, requiring a multi-step process that's hard to mistake for a benign app. He says avoiding malware on a mobile phone comes down to education and knowing not to download questionable apps from suspicious sources -- the same logic that applies for computers.
If deliberate installation is required, malware might not be the biggest threat to Blackberry phones, anyway. Someone who wants to snoop on a cheating spouse or keep a watchful eye on the kids can already purchase Flexispy, which performs many of the functions described in Veracode's concept. And last year, the United Arab Emirates government was caught installing spyware on citizens' Blackberry phones in a routine upgrade.
In other words, the real issue might not be some random hacker, but the people you know and trust. No amount of "defensive research" can account for that.
