[SaintThomasAquinas]

So as I have mentioned I work in IT and am always reading up about Technology and Security. I own and use a Blackberry Bold 9930 for my personal communications. There are numerous threads that celebrate Blackberry's leading edge security and while I still believe it is very good I find the Stealth Genie product to be troubling. Stealth Genie is an app you download and install on a phone that allows you to record calls, view MMS and SMS messages, read call logs, view/track device location etc, etc.

There is a big balloon pop-out on the product homepage announcing the new capability of intercepting BBM messages on iPhone and Android specifically. Although I dug a bit deeper and read that this app can be installed on BBOS versions 6.0 7.0 as well as 7.1 with no support for BB10. I was shocked to read this fully expecting only BB10 to be vulnerable as I feel BBOS not having an Android runtime environment could only further secure the device.

What bothers me more is that iPhone and Android devices have to be rooted/jailbroken to allow the app to install/function correctly. While BBOS devices can donwload and grant all permissions and so is a much simpler install. Granted the person who installs this would have to have physical access to your phone and be able to beat the PIN lock or password assuming there was one set. But the fact that within minutes you can install and get this running on BBOS while not so on iPhone or Android has me rethinking where Blackberry falls on the "how secure scale" we all discuss on these forums.

Achieving any degree of privacy and security with Mobile devices was already difficult but now lets consider the following scenarios:

• Your Spouse/Boyfriend/Girlfriend/Family Member knows your PIN
• The Police or someone with similar authority has compelled you to unlock your device and it leaves your site.
• A coworker or employer gets access to your phone when you are away from your desk

In the scenario above you could be asleep or bathing or the device out of your sight for a few minutes and this app is undetectable so it becomes gameover at that point. I suppose some may say well such surveillence would be illegal in some/most states. Let's ask Donald Sterling how the California wiretapping laws are working for him these days. I think the bigger conern is so what... Once your private information is shared the damage is done people cannot "unlearn" things. Any Civil Criminal remedies will not save your career, marriage, friendship, reputation, financial security, freedom, etc.

[Sith_Apprentice]

This isnt a vulnerability. If you physically install this on the device, physically grant it permissions, then how is it vulnerable? There is no silent install for things like this. Sure they can run silently, but only after you install and ALLOW them to run.

[Sith_Apprentice]

Title updated to be more accurate

[SaintThomasAquinas]

Sorry. My use of the word vulnerable was in the context that it was able to run this application and the OS is supported. Vulnerable does not by definition require an install to be remote only or silent. Imagine you are in the shower or sleeping and your room mate/spouse/girlfriend has unmonitored access to your device. Since you don't need to jump through any extraordinary hoops so to speak such as Jailbreak or Root it seems this is a vulnerability not addressed by the OS. Implementing this "attack" becomes a trivial matter.

Many people have bricked their phones trying to root/jailbreak them and this takes time and some knowhow. Most anyone can navigate to a URL in the webbrowser and install an app and choose "allow" from a drop down. In any security discussion physical security is the foundation of any security measures taken. However, given my examples in my post I felt as all or most of us sleep or bath hopefully regulary and thus our Blackberry phones are out of view and vulnerable.

For those who felt mislead by my choice of a title please accept my apology.