Skip to main content

Malware targets BlackBerrys

Malware targets BlackBerrys

Security expert Tyler Shields has demonstrated the ease with which BlackBerry security flaws can be exploited by SMS-borne malicious software, which should worry current users who keep their lives on their smartphones.

Mr Shields has written a small program that can be sent to the unwitting victim via SMS. On receipt, the SMS causes the infected BlackBerry to post its entire contacts list to the sender of the original SMS and the software can also cause the infected BlackBerry to covertly forward all other SMS messages on to the criminal.

The demonstration also showcased the further worrying potential of easily transmitted malware, as Mr Shields could readily harvest far more personal data including call logs and even GPS read outs to pinpoint the BlackBerry user.

According to CNet, Mr Shields is going to make the source code for his malware demo accessible in an attempt to highlight just how simple it could be for software such as this to be crafted by the wrong hands.

In order to infect the BlackBerry it is necessary to get the user to run the executable, but with mobile phishing sites and bogus emails commonly used to dupe desktop users, it would clearly be easy to trick just as many people in the mobile phone world.

BlackBerry users are being urged not to become too concerned with the threat, but also to make themselves aware of the built in security measures that their mobile phones have on offer, including the ability to block certain apps running without express user permission being received.

As with the recent iPhone based threats posed by malware masquerading as innocent-looking apps, Mr Shields is also looking for increasingly stringent checks and safeguards to be put in place when analysing apps submitted for download from the BlackBerry app store.

Research in Motion (RIM) has been contacted by Mr Shields and he has made his suggestions for improvements to them.

However, RIM stated: "We won't make any comment as to how the security of the App Center operates."

back to top