1. TheScionicMan's Avatar
    BlackBerry PhoneSnoop Application Used to Spy on Users
    added October 27, 2009 at 11:59 am

    US-CERT is aware of public reports of a new software application called PhoneSnoop. This software allows an attacker to call a user's BlackBerry and listen to personal conversations. In order to install and setup the PhoneSnoop application, attackers must have physical access to the user's device or convince a user to install PhoneSnoop.

    US-CERT encourages users to only download BlackBerry applications from trusted sources and to password protect and lock BlackBerry devices.
    US-CERT Current Activity


    PhoneSnoop BlackBerry Bugging Application

    Heres how it works:

    You install and run PhoneSnoop on a victims BlackBerry. PhoneSnoop sets up a PhoneListener and waits for an incoming call from a specific number. Once it detects a call from that specific number, it automatically answers the victims phone and puts the phone into SpeakerPhone mode. This way, the attacker that called can now hear whats going on at the victims end. Pretty simple right? In the video above, I have setup PhoneSnoop to listen in for calls originating from +12120031337. I first make a call from +12120031336 to show that theres no effect. Then, I show what happens when a call is made from the expected number. The demo is on the BlackBerry simulator for now, but Im working on bringing you a video that demonstrates the application on a real BlackBerry Bold.

    Installation Instructions:

    1. Grab your friends BlackBerry
    2. Download PhoneSnoop from the URL I mail you
    3. Once installed, go to Options->Advanced Options->Applications->PhoneSnoop->Edit Permissions and change the Input Simulation/Event Injection to Allow
    4. Run PhoneSnoop

    Checking the bugging capabilities:

    1. Call the victims phone number
    2. Listen
    Chirashi Security PhoneSnoop – Turn a BlackBerry into a portable bug
    10-27-09 06:30 PM
LINK TO POST COPIED TO CLIPBOARD