Video: Blackberry vulnerable to PhoneSnoop bug

Blackberry smartphones can be hacked to let third parties eavesdrop on private conversations.

Blackberry smartphones can be hacked to let third parties eavesdrop on private conversations.

US-CERT, the American IT and network security organisation, confirmed the viability of PhoneSnoop, a proof of concept attack that could allow hackers to listen in to phonecalls on Blackberry smartphones.

"This software allows an attacker to call a user's Blackberry and listen to personal conversations. In order to install and set up the PhoneSnoop application, attackers must have physical access to the user's device or convince a user to install PhoneSnoop," said US-CERT.

The organisations said users should download Blackberry applications only from trusted sources and they should password protect and lock their Blackberry devices.

The attack was revealed by Chopstick, a director of IT Security for an Asia Pacific consulting company. Chopstick, who runs the Chirashi website, showed in October that a Blackberry could be turned into a portable bug to allow eavesdroppers to listen to sounds around or near the handheld.

The video provides a demonstration of the eavesdropping tool. When a known number calls the phone, the application answers the call, activates speakerphone and switches to the home screen so as not to alert the user about what's going on. The called party has to subscribe to Blackberry's conference calling feature for the attack to work.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close