While Apple gets all the attention for having an insecure phone, it seems that Blackberries are just as crackable.
Tyler Shields, a senior researcher at the Veracode Research Lab, has written a piece of spyware (http://vimeo.com/9192358) with which he can send an SMS command to his phone and have his contact list forwarded to another e-mail address.
The upshot is that his BlackBerry can e-mail a cracker any SMS messages he sends, log his calls, monitor his inbound text messages, track his location via GPS and turn his microphone on to listen to conversations in the room and record them. Shields told the ShmooCon security show that writing such code was a doddle using the API that the mobile provider itself makes available to any developer.
The only really difficult part would be getting the spyware onto another person’s machine. The only way is to send the target an e-mail or text with a link to a Web page where the spyware is surreptitiously installed. It can be hidden inside a legitimate-looking app downloaded from the App Store.
Basically, the risks are similar to those of the iPhone. The BlackBerry platform has a “significant number” of security mechanisms in place that could be used to mitigate these types of attacks. But most users don’t know about the security risks, don’t think the risks are serious or don’t know how to be more secure with their devices.
* Research in Motion said: “Applications containing spyware cannot be installed on a BlackBerry smartphone without the user’s explicit consent unless of course someone else gains physical possession of the user’s device along with knowledge of any enabled password. Although it is important for users of all types of computers and mobile devices to always exercise caution before downloading apps, it is also important to understand the context in which the risk of this spyware was described at the conference on Sunday and that the spyware app cannot simply install itself stealthily on to a user’s device. Further, a user can review and confirm the list of installed apps on their device by looking in the “Options” area at any time.”