Blackberry "Spy" Software Released
Noryungi writes "Maybe the French were on to something after all. It turns out that there is software available to easily spy on Blackberries, recording voice conversations and all messages (emails or SMS text message) that transmit through the portable device. Of course, the software has to be installed by the owner of the Blackberry, but it would not be surprising to find out that someone has found a way to silently auto-install that software on RIM devices. ZDNet reports that RIM isn't concerned: 'Ian Robertson, senior manager of security and research at RIM, said users need not be particularly worried about the capability of FlexiSPY. "While it's the subject of some debate, I don't consider it a virus nor a Trojan, as it does require conscientious effort from the user to load the program," he said. Robertson said an average user that maintains good [gadget] hygiene would never see the software loaded onto their device without their knowledge.'"
France's reasons not related (Score:3, Interesting)
Specifically, all email data transferred to/from a Blackberry goes through RIM's "blackberry.net" service, which resides in the US. Therefore, it is a virtual guarantee that all Blackberry emails transit US wires... Very specific US wires and it would be trivially easy to sniff ALL Blackberry.net traffic with a few properly placed protocol analyzers.
The fact that one can install software on a modern microprocessor based telephone-slash-computer that can *gasp* RECORD what the telephone-slash-computer happens to be doing shouldn't come as any sort of surprise to anyone at all.
In fact, this particular bit of news is a bit 'ho-hum', though I'm sure a few tech-stupid executives will gasp and throw their "Crackberry" out the window.
Perhaps this article was written by Microsoft or Apple to bolster the sales of their respective Blackberry competitors?
Stew
Depends on who you consider as the user (Score:3, Interesting)
a rose by any other name (Score:2, Interesting)
oh, and in answer to the question below about pushing the content from a BES, yes this can be done, but it has to be developed for. You'd have to ask the application provider in question whether their app supports this.
Re:Another tool in the corporate toolbox (Score:2, Interesting)
"Bob, we know that you've been leaking secrets to the competitors. You're fired. And if you go quietly, we won't pursue criminal charges."
"Hmmm, I see. I'll clean out my desk."
Re:They dismiss the risk -- I wouldn't (Score:3, Interesting)
As you point out, anything that runs software carries with it a risk of infection.
Regardless of RiM's security record and staff, there IS risk.
Furthermore, maybe you're a bit out of touch with people in a typical workplace. A Blackberry is not a computer to most people, it's an upgraded cell phone. Even people used to taking precautions when using their PC don't always use the same common sense when using their "cell phone", regardless of what it's capable of, and what it's capable of being infected by.
I am not claiming to know better than the security staff at RiM. What I am claiming to know is that no device that is capable of downloading software is risk-free, and that the below-average user is of concern, particularly to those charged with maintaining security in a corporate setting.
As for your ad hominem, it's not about karma. It's about a statement made by a spokesperson (which is the first tip-off that you need to look a little deeper) that didn't jibe with me. As you've pointed out, there are precautions that can be taken -- but as I've pointed out, they are not always taken.
Maybe I'm wrong, but it seems to me that the point you're trying to make is, "Don't worry about it -- they have very good people taking care of that" along with "Don't worry about it, Blackberrys should be locked down". As to the first, that's ridiculous -- security should be a concern for everyone, from decision-makers at the executive level down to the lowliest user, regardless of how good the security staff are at a vendor company. As to the second, you should never forget that a significant segment of users will not take the simplest security precautions if it inconveniences them in any way (including taking the short time necessary to change a configuration).
To make a long post short, are you just trolling, or do you have points to make that really do contradict what I'm saying, or just more ad hominems and red herrings? I'd be glad to be proven wrong, since then we could all rest assured knowing that Blackberrys are inherently secure with a zero risk of compromise.
One other note: This has little to do with the security of Blackberrys as used by the general public. Note that those government agencies also have more staff devoted to security, policies more conducive to security, and employees more receptive to always acting in accordance with those policies.