Veracodes spyware monkey steals the berries
Page 1 of 2 12 LastLast
Results 1 to 20 of 26

Thread: Veracodes spyware monkey steals the berries

  1. #1
    breiti is offline BlackBerryOS Addict Follow breiti On Twitter
    Join Date
    Dec 2009
    Location
    Germany
    PIN
    please ask
    Device
    9500
    OS
    always the latest
    Posts
    782
    Liked
    0 times

    Veracodes spyware monkey steals the berries



    WOW, I've just came across this blog post, which is spreading at an incredible rate on the net right now: Veracode has just demonstrated that there is no absolute security. With TXSBBSpy, written and released as source code (but not as an executable version) by Tyler Shields, a senior researcher at the Veracode Research Lab, it is possible to create BlackBerry spyware, that can steal information from your BlackBerry. In a demonstration a few days ago a single SMS made a berry remotely forward it's contact list to a predefined e-mail, or to e-mail any outgoing SMS message to this address as well, without the owner even taking notice of it. Although in theory the BlackBerry platform has quite a number of security mechanisms in place that could be used against these types of attacks, most users are not careful enough to set the options to limit what access to specific types of data a particular app can have. Scary, isn't it?!

    Last edited by sunkast; 02-10-2010 at 06:47 PM.





  2. #2
    sunkast Guest
    And the likelihood of this actually happening doesn't seem too high.

  3. #3
    Bugly's Avatar
    Bugly is offline BlackBerryOS Gifted Follow Bugly On Twitter
    Join Date
    Jul 2009
    Location
    Hilltop, TACO-ma, Wash.
    PIN
    307959E6
    Device
    Antique 9530
    OS
    Whatever works today
    Posts
    353
    Liked
    0 times
    Most of us don't answer calls or texts from strange numbers anyway, and this would be from an unknown caller. The likelihood of this happening is much less than one would think. I personally don't keep any usable information on my blackberry or my pc, for that matter. Also, I like to think that none of my information would interest anyone trying to intercept something. My contacts are either family, friends or customers who's cars I've worked on. pretty mundane.
    Have you ever wondered why things intended to make our lives simpler keep getting more complicated to use?

  4. #4
    fratts is offline BlackBerryOS Friend
    Join Date
    Dec 2009
    PIN
    311c188d
    Device
    9630
    OS
    5.0.0.419
    Posts
    43
    Liked
    0 times
    Even if this does become a problem, I can't imagine RIM letting it go too far without coming up with some way of blocking it. After all, they are best known for how safe their devices are.

  5. #5
    breiti is offline BlackBerryOS Addict Follow breiti On Twitter
    Join Date
    Dec 2009
    Location
    Germany
    PIN
    please ask
    Device
    9500
    OS
    always the latest
    Posts
    782
    Liked
    0 times
    Quote Originally Posted by Bugly View Post
    Most of us don't answer calls or texts from strange numbers anyway, and this would be from an unknown caller.
    Sure it would? What about me telling the world that I am Ubertwitter with the new .605 release?


  6. #6
    PROB1's Avatar
    PROB1 is offline BlackBerryOS Inspired Follow PROB1 On Twitter
    Join Date
    Nov 2009
    Location
    Central New York
    PIN
    3229CE01
    Device
    Bold 9650
    OS
    6.0.0.222
    Posts
    101
    Liked
    1 times
    Gotta love the monkey though! Does the app Kisses stop this? Is there a list somewhere that guides what our settings should be? :aargh4:

  7. #7
    breiti is offline BlackBerryOS Addict Follow breiti On Twitter
    Join Date
    Dec 2009
    Location
    Germany
    PIN
    please ask
    Device
    9500
    OS
    always the latest
    Posts
    782
    Liked
    0 times
    Kisses? Not sure, but it at least reads as if it could be able to...re the settings, maybe this presentation of veracode gives some more insight


  8. #8
    era3z's Avatar
    era3z is offline BlackBerryOS Inspired Follow era3z On Twitter
    Join Date
    Nov 2009
    Location
    Jakarta, Indonesia
    PIN
    256f68a* (ask =p)
    Device
    Cars, Medicine Tennis, Basketball, Billiards Comics, Mystery novels Mr.bean (shqip), The Bodyguard f
    Posts
    159
    Liked
    3 times
    jeez.... I knew it.. there's no absolute security.... there must be a way to crack in... but yeah.... just don't answer stranger's call (unknown or private number), or just don't store important information on your BB...

  9. #9
    breiti is offline BlackBerryOS Addict Follow breiti On Twitter
    Join Date
    Dec 2009
    Location
    Germany
    PIN
    please ask
    Device
    9500
    OS
    always the latest
    Posts
    782
    Liked
    0 times
    Quote Originally Posted by era3z View Post
    jeez.... I knew it.. there's no absolute security.... there must be a way to crack in... but yeah.... just don't answer stranger's call (unknown or private number), or just don't store important information on your BB...
    Kinda sad, I've always thought (naively) that my BB is absolutely secure, and that I could use it for very private info... hurts to see that I could be wrong with a single new app install... now I need a guard to kill my berry with a single click or mail!


  10. #10
    ealvnv's Avatar
    ealvnv is offline BlackBerryOS Master Follow ealvnv On Twitter
    Join Date
    Mar 2009
    Location
    Saturn
    PIN
    which one?
    Device
    9900/PlayBook
    OS
    good question
    Carrier
    All of them
    Posts
    2,405
    Liked
    9 times
    Is not just with a single app install but with a single permissions modification, yet with the spyware installed via an app, if the permission are correctly set and the app is has not been given trusted status you are safe.
    What most people need to do is read and learn what the bb terminology means, in example what giving trusted status to an app means is unknown for most blackberry users.
    Posted via mobile device

  11. #11
    breiti is offline BlackBerryOS Addict Follow breiti On Twitter
    Join Date
    Dec 2009
    Location
    Germany
    PIN
    please ask
    Device
    9500
    OS
    always the latest
    Posts
    782
    Liked
    0 times
    Quote Originally Posted by ealvnv View Post
    What most people need to do is read and learn what the bb terminology means, in example what giving trusted status to an app means is unknown for most blackberry users.
    Posted via mobile device
    Exactly! But I find this very difficult myself. Is there any good reading or advice about bb app permission terminology you could recommend?


  12. #12
    ealvnv's Avatar
    ealvnv is offline BlackBerryOS Master Follow ealvnv On Twitter
    Join Date
    Mar 2009
    Location
    Saturn
    PIN
    which one?
    Device
    9900/PlayBook
    OS
    good question
    Carrier
    All of them
    Posts
    2,405
    Liked
    9 times
    how about blackberry answers on your phone via the blackberry home page, you dont know how many answers you can find in there
    BlackBerry by Choice!

  13. #13
    era3z's Avatar
    era3z is offline BlackBerryOS Inspired Follow era3z On Twitter
    Join Date
    Nov 2009
    Location
    Jakarta, Indonesia
    PIN
    256f68a* (ask =p)
    Device
    Cars, Medicine Tennis, Basketball, Billiards Comics, Mystery novels Mr.bean (shqip), The Bodyguard f
    Posts
    159
    Liked
    3 times
    Quote Originally Posted by breiti View Post
    Kinda sad, I've always thought (naively) that my BB is absolutely secure, and that I could use it for very private info... hurts to see that I could be wrong with a single new app install... now I need a guard to kill my berry with a single click or mail!
    smrtgrd?

    or just put it inside your wallet...? well the most secure place is in your head... but to mention about our brain capability... hm..........:bandit:

  14. #14
    fwdiva's Avatar
    fwdiva is offline BlackBerryOS Enthusiast
    Join Date
    Dec 2009
    Location
    ~DFW Baby!!
    PIN
    ask me ;o)~
    Device
    Storm
    OS
    5.0.0.419
    Posts
    57
    Liked
    0 times
    I've been wondering about security on the bb, especially since it is a mini computer and anything that has capability to surf the net of send and recieve stuff is surely, more than likely able to be hacked into...ugh, they will never stop will they, but I'm sure this will get some attention at RIM to start configuring new high tech security! It's so impossible to simply store stuff on paper anymore, you're so much more likely to lose it that way and besides it will still be able to be stolen just as your wallet is..oh, well, just have to start storing in my head as with the hundreds of passwords I use for every site I am subscribed to, it's a wonder how my brain can handle all those passwords...aye, yi, yi!!

  15. #15
    breiti is offline BlackBerryOS Addict Follow breiti On Twitter
    Join Date
    Dec 2009
    Location
    Germany
    PIN
    please ask
    Device
    9500
    OS
    always the latest
    Posts
    782
    Liked
    0 times
    Quote Originally Posted by fwdiva View Post
    I've been wondering about security on the bb, especially since it is a mini computer and anything that has capability to surf the net of send and recieve stuff is surely, more than likely able to be hacked into...ugh, they will never stop will they, but I'm sure this will get some attention at RIM to start configuring new high tech security! It's so impossible to simply store stuff on paper anymore, you're so much more likely to lose it that way and besides it will still be able to be stolen just as your wallet is..oh, well, just have to start storing in my head as with the hundreds of passwords I use for every site I am subscribed to, it's a wonder how my brain can handle all those passwords...aye, yi, yi!!
    Ok, please tell me a few of your PWs, so I will store them for you

    You're absolutely right imho - a "computerized device", the net, and again all the idiots just having to hack and to destroy...

    Not those, showing that it can be done, but those really exploiting it...


  16. #16
    ealvnv's Avatar
    ealvnv is offline BlackBerryOS Master Follow ealvnv On Twitter
    Join Date
    Mar 2009
    Location
    Saturn
    PIN
    which one?
    Device
    9900/PlayBook
    OS
    good question
    Carrier
    All of them
    Posts
    2,405
    Liked
    9 times
    Hey sometimes hackers hack because is needed to find a way to not be hacked....but once again is that easy...
    Posted via mobile device

  17. #17
    Bugly's Avatar
    Bugly is offline BlackBerryOS Gifted Follow Bugly On Twitter
    Join Date
    Jul 2009
    Location
    Hilltop, TACO-ma, Wash.
    PIN
    307959E6
    Device
    Antique 9530
    OS
    Whatever works today
    Posts
    353
    Liked
    0 times
    The fact is; there is NO absolute security in any part of our lives. Refer to the pictures you can call up on Google earth, some of those pictures are from satellites, and clearly show people doing whatever they were doing at the time.
    Another issue is the fact that in our post-911 world, our governmental officials have given themselves more and more lenience on wiretapping and personal surveillance.
    Issues such as this program should be met with personal responsibility and careful watchdogging over your private information, such as; not putting anything you don't want to be public anywhere it can be found.
    I read last night that there is an Army Intelligence Specialist that has devised a way to "hack" into hardware designed to encrypt information. Am I worried about this? Sure, but i also keep my information off devices that can be hacked into.
    Armin, I am not trying to make light of this in any way, I am just trying to point out that we all have the responsibility to keep our information safe, and I strongly encourage this practice. If more people did this on their own, these types of "hacking" threats would be moot.
    Just my $0.02, of course.
    Last edited by Bugly; 02-09-2010 at 02:29 PM. Reason: spelling fix
    Have you ever wondered why things intended to make our lives simpler keep getting more complicated to use?

  18. #18
    breiti is offline BlackBerryOS Addict Follow breiti On Twitter
    Join Date
    Dec 2009
    Location
    Germany
    PIN
    please ask
    Device
    9500
    OS
    always the latest
    Posts
    782
    Liked
    0 times
    Quote Originally Posted by Bugly View Post
    Armin, I am not trying to make light of this in any way, I am just trying to point out that we all have the responsibility to keep our information safe, and I strongly encourage this practice. If more people did this on their own, these types of "hacking" threats would be moot.
    Just my $0.02, of course.
    I couldn't agree more -especially since I have not much if not anything to hide at all ...yet, I thought it would be more difficult on a BB than on a PC (hey, I am still on PC although Apple is so much more secure) or any other phone. So I will def. go to understand more about app permissions in the future...


  19. #19
    Merschz is offline BlackBerryOS Friend
    Join Date
    Jul 2009
    Posts
    21
    Liked
    0 times
    I don't know about you guys, but I don't go around just installing stuff. I only install things from trusted sources and as much as I like to be an "earlier adopter" I don't get software til I know of other people getting it first.

  20. #20
    wobly is offline BlackBerryOS Enthusiast
    Join Date
    Mar 2009
    Location
    Colorado Springs, CO
    Device
    8900
    OS
    5.0.something.something
    Posts
    61
    Liked
    1 times
    Another reason to use Blackberry Messenger!!

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •