Blackberry "Spy" Software Released 91
Noryungi writes "Maybe the French were on to something after all. It turns out that there is a software available to easily spy on Blackberries, recording voice conversations and all messages (emails or SMS text message) that transmit through the portable device. Of course, the software has to be installed by the owner of the Blackberry, but it would not be surprising to find out that someone has found a way to silently auto-install that software on RIM devices. ZDNet reports that RIM isn't concerned: 'Ian Robertson, senior manager of security and research at RIM, said users need not be particularly worried about the capability of FlexiSPY. "While it's the subject of some debate, I don't consider it a virus nor a Trojan, as it does require conscientious effort from the user to load the program," he said. Robertson said an average user that maintains good [gadget] hygiene would never see the software loaded onto their device without their knowledge.'"
Another tool in the corporate toobox (Score:2, Insightful)
The part should make everyone very concerned (Score:5, Insightful)
I'm sure most of you have seen your bosses leave their blackberry, Treo or whatever device they have lying around or just hand it off to the secretary who leaves it on the desk. They really should find some way to alert people if this software or software like this gets on the device as in my humble opinion this is a huge risk for the people who need to have semi-secure communication in most companies I have seen.
They dismiss the risk -- I wouldn't (Score:5, Insightful)
Also, I'd like to mention that in my experience, it's often those with the most crucial conversations (ownership/upper management) are the ones who hand off their Blackberry to others for maintenance, etc. A disgruntled/bribed tech could very easily install this.
One other note -- if a user needing to take action to install malware wasn't a problem, we wouldn't see so many compromised machines.
Re:France's reasons not related (Score:5, Insightful)
Why do people insist on perpetuating this myth? It is simply untrue.
Just as trivial as it is to sniff SSL traffic over the general internet. Trivial, and worthless.
Re:Another tool in the corporate toobox (Score:3, Insightful)
Or at least that's something I read somewhere once (I might have been dreaming).
Re:Depends on who you consider as the user (Score:1, Insightful)
Re:They dismiss the risk -- I wouldn't (Score:1, Insightful)
Re:They dismiss the risk -- I wouldn't (Score:3, Insightful)
I'm not saying that the sky is falling -- I'm saying that security on these devices IS a concern, and something we need to be aware of. I'm also saying that it's wrong for Blackberry spokespeople to downplay the risk of malware on the Blackberry, as the risk is real and important (unless of course we take steps to mitigate it, which is the whole point of not downplaying the risk -- to get people to take the necessary precautions).