Blackberry smartphones can be hacked to let third
parties eavesdrop on private conversations.
US-CERT, the American IT and network security organisation,
confirmed the viability of PhoneSnoop, a proof-of-concept
attack that could allow hackers to listen in on phone calls on
Blackberry smartphones.
"This software allows an attacker to call a user's Blackberry
and listen to personal conversations. In order to install and set
up the PhoneSnoop application, attackers must have physical access
to the user's device or convince a user to install PhoneSnoop,"
said US-CERT.
The organisation said users should download Blackberry
applications only from trusted sources and should
password-protect and lock their Blackberry devices.
The attack was revealed by Chopstick, a director of IT Security
for an Asia Pacific consulting company. Chopstick, who runs the
Chirashi website, showed
in October that a Blackberry could be turned into a portable bug to
allow eavesdroppers to listen to sounds around or near the
handheld.
The video provides a demonstration of the eavesdropping tool.
When a known number calls the phone, the application answers the
call, activates speakerphone and switches to the home screen so as
not to alert the user about what's going on. The called party has
to subscribe to Blackberry's conference calling feature for the
attack to work.