| Release Date | Nov 09, 2009 |
| Detection Availability | Current Antivirus Definition Database Version: 12.196 | | Description | Visible Symptoms
- An application named PhoneSnoop is installed on the phone
- The phone automatically answers calls from a specified phone number
Detailed AnalysisPhoneSnoop is a BlackBerry spyware Proof of Concept that demonstrates how an attacker can remotely
activate the microphone of the handheld and listen to sounds near or around it.
This spyware could be particularly dangerous for privacy if it were to be installed without user's consent. However, this version is a Proof of Concept: it does not particularly try to conceal itself.
The spyware consists of the following files:
- Phonesnoop.jad: a Java Application Descriptor file. The spyware is usually installed by downloading this file.
- PhoneSnoop.jar: the spyware's Java file.
- PhoneSnoop.cod: spyware's compiled Java source code, specifically compiled for BlackBerryOS
The spyware requires the presence of some specific Java BlackBerryOS extensions: net_rim_cldc,net_rim_bbapi_phone,net_rim_os.
Once installed, the spyware must be configured to answer to a specific incoming phone number and activated. It will then automatically answer all calls from that number. This consequently activates the phone's microphone (as for any phone call) so that the remote spy can eavesdrop the phone's surroundings.
This spyware will only work for BlackBerry mobile phones - more precisely BlackBerry OS v4.3 or greater. It does not work on other Java-enabled phones.
|
Description Last Updated Date: Nov 19, 2009
Reference: ID - 1116823
|