Thread: Veracodes spyware monkey steals the berries

WOW, I've just came across this blog post, which is spreading at an incredible rate on the net right now: Veracode has just demonstrated that there is no absolute security. With TXSBBSpy, written and released as source code (but not as an executable version) by Tyler Shields, a senior researcher at the Veracode Research Lab, it is possible to create BlackBerry spyware, that can steal information from your BlackBerry. In a demonstration a few days ago a single SMS made a berry remotely forward it's contact list to a predefined e-mail, or to e-mail any outgoing SMS message to this address as well, without the owner even taking notice of it. Although in theory the BlackBerry platform has quite a number of security mechanisms in place that could be used against these types of attacks, most users are not careful enough to set the options to limit what access to specific types of data a particular app can have. Scary, isn't it?!

[Veracode]

And the likelihood of this actually happening doesn't seem too high.

Most of us don't answer calls or texts from strange numbers anyway, and this would be from an unknown caller. The likelihood of this happening is much less than one would think. I personally don't keep any usable information on my blackberry or my pc, for that matter. Also, I like to think that none of my information would interest anyone trying to intercept something. My contacts are either family, friends or customers who's cars I've worked on. pretty mundane.

Even if this does become a problem, I can't imagine RIM letting it go too far without coming up with some way of blocking it. After all, they are best known for how safe their devices are.

Originally Posted by Bugly

Most of us don't answer calls or texts from strange numbers anyway, and this would be from an unknown caller.

Sure it would? What about me telling the world that I am Ubertwitter with the new .605 release?

Gotta love the monkey though! Does the app Kisses stop this? Is there a list somewhere that guides what our settings should be? :aargh4:

Kisses? Not sure, but it at least reads as if it could be able to...re the settings, maybe this presentation of veracode gives some more insight

jeez.... I knew it.. there's no absolute security.... there must be a way to crack in... but yeah.... just don't answer stranger's call (unknown or private number), or just don't store important information on your BB...

Originally Posted by era3z

jeez.... I knew it.. there's no absolute security.... there must be a way to crack in... but yeah.... just don't answer stranger's call (unknown or private number), or just don't store important information on your BB...

Kinda sad, I've always thought (naively) that my BB is absolutely secure, and that I could use it for very private info... hurts to see that I could be wrong with a single new app install... now I need a guard to kill my berry with a single click or mail!

Is not just with a single app install but with a single permissions modification, yet with the spyware installed via an app, if the permission are correctly set and the app is has not been given trusted status you are safe.
What most people need to do is read and learn what the bb terminology means, in example what giving trusted status to an app means is unknown for most blackberry users.
Posted via mobile device

Originally Posted by ealvnv

What most people need to do is read and learn what the bb terminology means, in example what giving trusted status to an app means is unknown for most blackberry users.
Posted via mobile device

Exactly! But I find this very difficult myself. Is there any good reading or advice about bb app permission terminology you could recommend?

how about blackberry answers on your phone via the blackberry home page, you dont know how many answers you can find in there

Originally Posted by breiti

Kinda sad, I've always thought (naively) that my BB is absolutely secure, and that I could use it for very private info... hurts to see that I could be wrong with a single new app install... now I need a guard to kill my berry with a single click or mail!

smrtgrd?

or just put it inside your wallet...? well the most secure place is in your head... but to mention about our brain capability... hm..........:bandit:

I've been wondering about security on the bb, especially since it is a mini computer and anything that has capability to surf the net of send and recieve stuff is surely, more than likely able to be hacked into...ugh, they will never stop will they, but I'm sure this will get some attention at RIM to start configuring new high tech security! It's so impossible to simply store stuff on paper anymore, you're so much more likely to lose it that way and besides it will still be able to be stolen just as your wallet is..oh, well, just have to start storing in my head as with the hundreds of passwords I use for every site I am subscribed to, it's a wonder how my brain can handle all those passwords...aye, yi, yi!!

Originally Posted by fwdiva

I've been wondering about security on the bb, especially since it is a mini computer and anything that has capability to surf the net of send and recieve stuff is surely, more than likely able to be hacked into...ugh, they will never stop will they, but I'm sure this will get some attention at RIM to start configuring new high tech security! It's so impossible to simply store stuff on paper anymore, you're so much more likely to lose it that way and besides it will still be able to be stolen just as your wallet is..oh, well, just have to start storing in my head as with the hundreds of passwords I use for every site I am subscribed to, it's a wonder how my brain can handle all those passwords...aye, yi, yi!!

Ok, please tell me a few of your PWs, so I will store them for you

You're absolutely right imho - a "computerized device", the net, and again all the idiots just having to hack and to destroy...

Not those, showing that it can be done, but those really exploiting it...

Hey sometimes hackers hack because is needed to find a way to not be hacked....but once again is that easy...
Posted via mobile device

The fact is; there is NO absolute security in any part of our lives. Refer to the pictures you can call up on Google earth, some of those pictures are from satellites, and clearly show people doing whatever they were doing at the time.
Another issue is the fact that in our post-911 world, our governmental officials have given themselves more and more lenience on wiretapping and personal surveillance.
Issues such as this program should be met with personal responsibility and careful watchdogging over your private information, such as; not putting anything you don't want to be public anywhere it can be found.
I read last night that there is an Army Intelligence Specialist that has devised a way to "hack" into hardware designed to encrypt information. Am I worried about this? Sure, but i also keep my information off devices that can be hacked into.
Armin, I am not trying to make light of this in any way, I am just trying to point out that we all have the responsibility to keep our information safe, and I strongly encourage this practice. If more people did this on their own, these types of "hacking" threats would be moot.
Just my $0.02, of course.

Originally Posted by Bugly

Armin, I am not trying to make light of this in any way, I am just trying to point out that we all have the responsibility to keep our information safe, and I strongly encourage this practice. If more people did this on their own, these types of "hacking" threats would be moot.
Just my $0.02, of course.

I couldn't agree more -especially since I have not much if not anything to hide at all ...yet, I thought it would be more difficult on a BB than on a PC (hey, I am still on PC although Apple is so much more secure) or any other phone. So I will def. go to understand more about app permissions in the future...

I don't know about you guys, but I don't go around just installing stuff. I only install things from trusted sources and as much as I like to be an "earlier adopter" I don't get software til I know of other people getting it first.

Another reason to use Blackberry Messenger!!