1. phonejunky's Avatar
    Very good article on what a capable hacker can do with the APIs provided to him by RIM

    CNET News
    Posted from my CrackBerry at wapforums.crackberry.com
    Last edited by CrackberryBrandon; 02-07-10 at 02:40 PM.
    02-07-10 02:37 PM
  2. mojo pin's Avatar
    WOW. I'm not likin' that too much...
    02-07-10 02:42 PM
  3. phonejunky's Avatar
    I've heard of it happening on the iPhone. People have always targeted the iPhone, but now BlackBerry is the hot topic since people are purchasing them believing they are more secure (BIS users). So hackers are putting more effort into the BB mobile platform, hence how this was possible. Luckily this person was a good guy.
    02-07-10 02:59 PM
  4. Reed McLay's Avatar
    While I was able to control the spyware using text messages sent from my mobile phone, the spyware had to be first installed on his BlackBerry for the snooping to work. ...
    Spyware has existed for some time now; fortunately, it is expensive to use and it depends on getting installed in the first place.

    BlackBerry users should be more cautious about what apps they download and what rights they give them. "Users should not hit the 'I trust this app' button," Shields said. "That will give it access to all your personal information." ...
    02-07-10 03:10 PM
  5. EGerhardt's Avatar
    Although this is a bit of a worry, I think the article is ignoring a few important factors.

    Firstly, unsolicited e-mails/SMS trying to give you anything would start alarm bells ringing in a lot of people. Beyond that, as RIM is pretty proud of its security, developers who try to hide this in their apps are going to get RIM's size 13 steel toe cap planted in their anatomy.

    Even beyond that, the place where this kind of thing is a BIG concern is in enterprise, and IIRC BES can stop you doing almost anything that your IT department doesn't want you doing, which I suspect includes things like this.

    If you think about your berry as a computer, not a phone, and apply the same discrimination to what you download and install, you won't go far wrong.

    The functionality is of course there in the API to do this kind of thing. We already have apps that can track your device by GPS and allow remote back-up and such.

    Until someone can install it without my consent, and have it set its permissions by itself, I won't be worrying.
    02-07-10 03:10 PM
  6. afropoika's Avatar
    I wouldn't call this guy a "hacker"... I mean how about this, "hey buddy download this app to your bb and allow all permissions for it, ok? then wait for my txt, kthxbai". I say a BlackBerry is unsafe when and if just like the person above me stated, someone can without my consent install an app on my BlackBerry and change its permissions, again, without my consent. If that is possible THEN there's something to think about.
    02-07-10 03:32 PM
  7. breakmedown's Avatar
    I'm not worried about this at all. This isn't like normal viruses, threats, and hacks, because it doesn't involve manipulating a workaround in the operating system; it involves manipulating a person. So if you're easy enough to be convinced to put and do stuff like this on your BB, that's totally your fault. Most people aren't.

    I don't think it should be considered a "threat to security" until it involves a program that downloads and installs itself or uses a native app that you don't choose to install. Otherwise it's just a "threat to stupidity".
    02-07-10 04:50 PM
  8. cardu3851's Avatar
    Go ahead... look at my txts and call logs. I get all my national security packages hand delivered.
    02-07-10 06:48 PM
  9. tumer's Avatar
    Not a hack if you're giving permission
    02-07-10 07:47 PM
  10. Xopher's Avatar
    Another thing to think about is that a lot of the APIs that deal with important information are signed APIs. This means that RIM has provided keys to a developer to access those APIs and are traceable.

    So, if you are dumb enough to create an app that could access secure info in a malicious way, it can easily be tracked back to you.

    Posted from my BlackBerry using BerryBlab
    02-07-10 08:46 PM
  11. afropoika's Avatar
    Actually it is possible to get access to proprietary/signed APIs and remain anonymous. Check this PowerPoint presentation out: http://www.praetoriang.net/download/...efcon%2014.ppt (see slide 41/42).
    Last edited by shinkodachi; 02-08-10 at 11:10 AM.
    02-08-10 11:08 AM