BlackBerry users warned by US-CERT on eavesdropping PhoneSnoop application

Infosecurity understands that PhoneSnoop can only be installed by someone with physical access to the BlackBerry, but CERT said that if a remote user tricks the owner of the smartphone into installing the software, it will allow voice calls to be monitored from afar.

The author of the application, Sheran Gunasekera, director of security for Hermis Consulting in Indonesia, is reported to have coded the software to highlight the security issues that still exist with the BlackBerry smartphone.

Reports of the technology on which PhoneSnoop is apparently based first started appearing in the summer, when users on the Etisalat network in the Middle East were sent a text message by the network operator.

The text message encouraged BlackBerry users to download and install a software upgrade over the air.

By late July, Etisalat user forums were full of reports that the new software ran the BlackBerry's batteries down more quickly than normal, as it could - under certain circumstances - trigger remote eavesdropping of the voice channel.

The saga caused Research in Motion, the Canadian firm that developed the BlackBerry family of smartphones, to issue an eight-page press statement saying that it did not authorise the software installation and "was not involved in any way in the testing, promotion or distribution of this software application".

"Independent sources have concluded that it is possible that the installed software could... enable unauthorised access to private or confidential information stored on the user's smart phone", the company said in its statement.

Gunasekera has not said how his PhoneSnoop software works but unconfirmed sources suggest it is similar in operation to elements of the software that Etisalat reportedly texted its BlackBerry users to download.
