A free software program released Thursday turns everyday BlackBerry smartphones into remote bugging devices. Dubbed PhoneSnoop by creator Sheran Gunasekera, the software sits quietly on a targeted BlackBerry and monitors the phone number of each incoming call. When it detects a number set up in the program's preferences section …
loving my "dumb phone" more than ever
When reading news like this, I'm even more thankful for my totally "dumb" and humble little Samsung. It makes phone calls, it receives phone calls. That's it. I love it that way.
I don't get it...
Ok, call me silly.
You download an app that when an incoming call comes in and the phone number matches one of the selected numbers, the phone turns on its speaker?
Hmmm. ok, so let me get this straight... I'm talking on the phone and I'm not going to notice the speakerphone going on?
Easy to do...
Hey Bob, can I borrow your phone for a bit? My battery is dead and I need to make a call/email.
Simple if you ask me to install on a "victim".
Not that I'd do that mind you.
Wrong perspective. Person A and Person B are having a real, physical conversation. You push the software to Person A's bb and dial it up. It then turns on the call monitor and you can hear what A + B are saying to each other.
Great theory, I think kinda lame in reality, but it does highlight bad stuff can be done on the relatively immune Blackberries.
@ Ian and Phil
I had the same thought at first, then I realised "within earshot" meant it would be used like a traditional bugging mic, with the difference that it's activated remotely (by incoming call). Then I realised that you'd have to a) leave your phone in the room, b) leave it in such a way that it can't be seen but which won't muffle the mic pickup, and c) know just when to call in to activate it. Even then there's no guarantee that your targets will stay near the device. If I'm understanding it right, then this really is quite moronic.
it looks like more people are gonna be RIMMED!
@Mike Flugennock re. loving my "dumb phone"...
My Nokia 6310i is still going strong and I've bought another from eBay in case it dies. It does everything I need and nothing more.
Err, I don't think you get it
There seems to be more confusion than normal about this app. If I read the article correctly, the way you would use it (if you were a 'bad guy') is like this: You sneak it onto someone else's phone, with your number (ideally an untraceable trac phone) in its list.
Then, when you call their phone, it doesn't ring, or do anything obvious, but simply turns on the microphone, and you get to hear everything around it. So, if they are taking notes with it in a meeting (or playing solitaire), you hear the meeting. If they have it on the dresser in the hotel where they're making the beast with two backs with your spouse, you get to hear that. Etc, etc
So, to Ian Michael Gumby, it's not when you're on the phone, since you never know it was called. And to Jason Togneri, it's not *your* phone, it's theirs. Unless you bugged your own phone, which would have limited application, as ostensibly you know what you're up to most of the time.
not exactly new
I remember an article from comp.risks many years ago about a couple having sex when they inadvertently hit the redial button on the phone next to the bed. IIRC, the phone was a kind of speakerphone, so the last person to have been dialled (the woman's mother) was privy to all the kinds of ambient grunting and groaning sounds you would imagine. Believing her daughter to be in trouble (I'm a bit fuzzy on the details, but I think she recognised the voice rather than having caller ID), she called the police to investigate. Red faces all round, as you would expect...
I haven't been able to find the article in question (probably on a backup tape somewhere)... actually, scratch that... here's a link (in case anyone worried I was setting you up for an urban legend with a ring of truth):
@ frank ly re: loving my "dumb phone"
Damn' straight, man. The only issue I've had is that once in a great while I get the occasional text-message spam; my latest, the other day, was from some mortgage outfit (our house is almost paid for). I registered both my mobile and my wife's on the US DNC List, so I can only surmise that Verizon (spit) sold our number to somebody. Hell, I thought spamming mobiles was illegal in the Colonies no matter what, but apparently Verizon -- if that's indeed the case -- just doesn't give a damn, the ass/arseholes.
I will push this to my workmates via the BES ASAP!!!
Neat espionage device. Gotta stealth this to my competitor...
Similar for WinMobile
There's an app called PhoneCreeper released for WinMobile which allows this, text forwarding, remote message display, remote wipe of memory, activation of location services, and many other features.
I've put it on my own phone to ensure I can locate it if stolen or lost.
.. the only problem I can see with this is that most personal BB users are inseparable from their phones. However if it's a work phone most people tend to treat it like the box of china at the beginning of Ace Ventura.
Paris because it's Friday.
"Unlike Apple's iPhone and other smartphones, the BlackBerry hasn't suffered from known vulnerabilities over the past couple of years....."
Apart from bbproxy.
What makes Blackberrys a good target is that corporate ones usually have a BES inside the corporate network - in many cases, on the same VLAN as a bunch of other sensitive servers. Other smartphones typically only have access to an extranet or use a well-constrained VPN.
It's much simpler
You don't install anything on a victim's phone. You install it on your own phone and leave it in a room that you want to bug.
What's so special about this? Surely every phone with a silent mode and auto-answer can do exactly the same thing?
BES policy anyone
Any sane admin will have locked down the BB so that the user can't install extra apps anyhow. The same way as you would stop people from installing crap on their work PC.
The television show Burn Notice has used the leave-your-rigged-throw-away-phone-in-the-villain's-lair-and-call-it-as-a-bug-later trick several times.
After reading the comments (including my earlier one), two things are apparent:-
The exploit is a POC, and has little real-world value.
Second, the article should be clearer about how the app itself is actually utilized as the details are ambiguous.
silent mode and auto-answer?
"Surely every phone with a silent mode and auto-answer can do exactly the same thing?"
Those would show up on the phone's screen, wouldn't they? Also in the call history? Not very stealth, I'd say. Unless you are using it yourself on your phone "forgotten" somewhere else, but anyway...