Security threats Toolkit

RIM unconcerned by BlackBerry spyware

Brett Winterford ZDNet Australia

Published: 04 Jul 2007 10:09 BST

Mobile-device manufacturer RIM is unconcerned about a new release of software that aims to compromise the security of a BlackBerry device.

The latest version of legal spying software FlexiSpy enables remote third parties to bug the voice calls, log SMS and mobile email messages and track the location of a BlackBerry user.

Ian Robertson, senior manager of security and research at RIM, said users need not be particularly worried about the capability of FlexiSpy.

"While it's the subject of some debate, I don't consider it a virus nor a Trojan, as it does require conscientious effort from the user to load the program," he said.

Robertson said an average user that maintains good hygiene would never see the software loaded onto their device without their knowledge.

There are some basic steps, he said, that users can take to protect themselves.

First, a user should set a password for their device so that nobody else can physically load the application. "This is the same for any device, be it a laptop or a smartphone," he said.

Second, the user should only load applications from known and trusted sources.

"With those two methods alone, no surreptitious software can be inadvertently loaded onto the device," he said.

VIDEO

Dialogue Box 4.7: Transcontinental laptop challenge

Rupert lands in San Francisco with a non-booting laptop, which Charles tries to fix remotely from London. Then a colleague from down under calls in with a 'crook' notebook. Can Charles banish the blue screen of death?

View full video

Finally, the BlackBerry service comes with a built-in software firewall. "If it isn't enabled already, be sure to have it switched on," Robertson said.

The firewall would, in the case of FlexiSpy being active, prompt the user that something is trying to access the device.

"It would say something like: this application wants to make a connection to the device — cancel or allow?"

Robertson said that it is not entirely true that the FlexiSpy application works without the user knowing they are being spied upon.

"There are ways you can tell if the program is loaded onto the device," he said. "First, the control panel for the application makes use of SMS messages, which don't appear like regular messages. Second, the application is visible if one views the files loaded onto the device."

That's assuming of course, that a user has the technical nous to understand their BlackBerry's control panel.

Robertson said that, despite the marketing of sinister applications such as FlexiSpy, BlackBerry users are protected.

"We provide a fantastic platform and rich controls to allow security to be tailored to meet an organisation's needs," he said. "There are over 250 IT policies and complete application control — far and away beyond anything else in this space."

Concerned users can read whitepapers on protecting their BlackBerry from malware here.