 |
 Thread Author
# 1
02-07-2010, 09:10 AM
| | | CrackBerry Abuser | | Join Date: Jul 2008 Posts: 457 Likes Received: 0
Thanked 0 Times in 0 Posts
| |  Code Released for Making Spyware on BlackBerry
According to an article over at NetworkWorld, spyware writer Tyler Shields with Veracode Research Lab, has released spyware source code (TXSBBspy) which is essentially a blueprint on how to develop spyware for the BlackBerry. He calls the source code a blueprint for malware on the BlackBerry, showing how it’s possible to remotely dump all the contents, send the contents via e-mail, and conduct real-time monitoring of phone messages.
His reasoning is that by doing this it will open everyone's eyes to the very real threat that exists with embedded spyware in applications. “The Blackberry ‘sandbox’ keeps you from getting into the operating system level. It’s effective for that,” says Tyler Shields, senior researcher at Veracode Research Lab and author of the Blackberry spyware. “BlackBerry is one of the better operating systems in regards to security,” he says, “but in the sandbox you can steal data.”
The source code released apparently shows how easy it is for a developer to code malware into their application which then can harvest emails and personal information and send it on to the third party, unbeknownst to the BlackBerry owner. 
[source: NetworkWorld]
Last edited by Daniel.Black; 02-07-2010 at 09:22 AM.
|
02-07-2010, 10:54 AM
| | | CrackBerry Genius of Geniuses Device(s): ~ Retarded In Mind ~ Storm - It's CLICKTASTIC!!! © / ViPhone 4 - Cuz I'm VIP. Carrier: I hate RIM/Carrier VPL Service Books!!! | Truncated Emails... really RIM... really? | KB13677 is BS! Pin: I'm the Page Ranking person for Crackberry. :p | Don't be a CEO, Search the Forums! | Hybrids Suck! | | Location: On Safari in the CB jungle. ;) Join Date: Jun 2007 Posts: 14,367 Likes Received: 7
Thanked 210 Times in 130 Posts
| |
Nice find... as I said before... everything is hackable. I haven't read the full article yet, but there's no doubt that some of this will require at least some form of social engineering to implement, which is how most stuff needs to happen now anyway.
I think it's safe to say that Blackberry users have always had the "Mac Mentality" when it comes to how safe they are.... and we all know there's threats for a Mac, if hackers and devs are bothered enough to spend time developing for said platform.
Never doubt what a person's mind can do... it's by far a much better CPU and OS then any machine out there currently.  |
02-07-2010, 11:16 AM
| | | Forums Moderator Device(s): 8320, 8900, 9000, 9700, 9530, 9630, 9650, 9800 Carrier: Rogers | | Location: Winnipeg, Manitoba Join Date: Jun 2008 Posts: 3,899 Likes Received: 198
Thanked 551 Times in 192 Posts
| |
Anybody spending 5 minutes of browsing through the API docs has figured this out. The article makes it sound as if it was some big secret. JRSCCivic98 is correct though, it requires social engineering, the user has to install the app themselves and grant it trusted status, not to mention the additional prompts when the app tries to set a listener for the first time.
__________________ Leave It On - Take control of your backlight, keep the blacklight on for any app you want like Google Maps & BBM, light up with new msgs and pop-up now!
Wallpaper Changer - Automatically rotates your wallpaper - Now with CrackBerrys wallpaper gallery
SixTools - The essential app for OS6 & OS7 users
ExtraKeys, SearchIt, PLAYBOOK games apps, and more! Visit: http://www.shao-soft.com |
02-08-2010, 04:35 AM
| | | CrackBerry Genius of Geniuses Device(s): Bold 9900 Carrier: Vodafone Pin: 2851F7AB | | Location: Lisburn, Northern Ireland Join Date: Aug 2009 Posts: 6,461 Likes Received: 602
Thanked 322 Times in 260 Posts
| |
LOL, is BES not the biggest spyware there is? Any spyware in bis needs a certain degree of user error to work, don't download anything you are not sure of.
Posted from my CrackBerry at wapforums.crackberry.com
|
02-08-2010, 11:25 AM
| | | CrackBerry Genius Device(s): Samsung Mesmerize & Tour 9630 Carrier: US Cellular Pin: Kik & LiveProfile (ask) | | Location: East Tennessee Join Date: Feb 2008 Posts: 2,867 Likes Received: 26
Thanked 79 Times in 53 Posts
| |
Unlike the iPhone SMS hack that was out last summer, this one would need an app installed on the BB to work.
If I remember correctly, each app that uses RIM's secure APIs need to be signed. This would give RIM a way to track down who wrote the app, or at least to whom they designated the API keys. That's not saying someone couldn't get the keys and do this, but that there would at least be a trail to follow for finding the malicious programmer.
__________________
"We are the music makers, and we are the dreamers of dreams..."
|
02-08-2010, 01:52 PM
| | | CrackBerry Genius of Geniuses Device(s): ~ Retarded In Mind ~ Storm - It's CLICKTASTIC!!! © / ViPhone 4 - Cuz I'm VIP. Carrier: I hate RIM/Carrier VPL Service Books!!! | Truncated Emails... really RIM... really? | KB13677 is BS! Pin: I'm the Page Ranking person for Crackberry. :p | Don't be a CEO, Search the Forums! | Hybrids Suck! | | Location: On Safari in the CB jungle. ;) Join Date: Jun 2007 Posts: 14,367 Likes Received: 7
Thanked 210 Times in 130 Posts
| |
Quote:
Originally Posted by Xopher  Unlike the iPhone SMS hack that was out last summer, this one would need an app installed on the BB to work.
If I remember correctly, each app that uses RIM's secure APIs need to be signed. This would give RIM a way to track down who wrote the app, or at least to whom they designated the API keys. That's not saying someone couldn't get the keys and do this, but that there would at least be a trail to follow for finding the malicious programmer. | So did the iPhone SMS hack. It only worked on Jailbroken iPhones where the user happened to leave SSH running on the handset.
|
02-08-2010, 04:16 PM
| | | CrackBerry Genius Device(s): Samsung Mesmerize & Tour 9630 Carrier: US Cellular Pin: Kik & LiveProfile (ask) | | Location: East Tennessee Join Date: Feb 2008 Posts: 2,867 Likes Received: 26
Thanked 79 Times in 53 Posts
| |
Quote:
Originally Posted by JRSCCivic98 So did the iPhone SMS hack. It only worked on Jailbroken iPhones where the user happened to leave SSH running on the handset. | So ,there we go. 
__________________
"We are the music makers, and we are the dreamers of dreams..."
|
02-09-2010, 12:11 AM
|  | CrackBerry Newbie Device(s): 9700 (Bold) Carrier: AT&T/Cingular | | Join Date: Jan 2010 Posts: 5 Likes Received: 0
Thanked 0 Times in 0 Posts
| |
There's nothing "hacked" here. They simply made a program that uses the API and if a person is stupid enough to install it, then the program is running correctly. It would be the same as SmrtGuard.
The person who installed it clicked "Allow" on the screen that gave the program access to this data.
The user is at fault, not the BlackBerry. BlackBerry has security features built in in their IT Policy to block people from doing such dumb things as well.
|
02-09-2010, 10:06 PM
| | | CrackBerry User Device(s): 8520 (Curve) Carrier: Vodafone Pin: 213F117E | | Location: Cape Town, South Africa Join Date: Dec 2009 Posts: 61 Likes Received: 0
Thanked 0 Times in 0 Posts
| |
As far as I no, BlackBerry will always ask a users permission once installing anything. Thats what I love
__________________
Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony
|
02-23-2010, 10:58 AM
| | | CrackBerry Addict Device(s): iPhone 4 Carrier: AT&T | | Location: West Virginia Join Date: Jul 2009 Posts: 647 Likes Received: 0
Thanked 0 Times in 0 Posts
| |
Anything is hackable it's only a matter of time, now some will have to be more careful with downloads
| |
| Thread Tools | Search this Thread | | | | | Display Modes |  Linear Mode |
| |
|
