loving my "dumb phone" more than ever
When reading news like this, I'm even more thankful for my totally "dumb" and humble little Samsung. It makes phone calls, it receives phone calls. That's it. I love it that way.
A free software program released Thursday turns everyday BlackBerry smartphones into remote bugging devices. Dubbed PhoneSnoop by creator Sheran Gunasekera, the software sits quietly on a targeted BlackBerry and monitors the phone number of each incoming call. When it detects a number set up in the program's preferences …
Ok, call me silly.
You download an app that when an incoming call comes in and the phone number matches one of the selected numbers, the phone turns on its speaker?
Hmmm. ok, so let me get this straight... I'm talking on the phone and I'm not going to notice the speakerphone going on?
Wrong perspective. Person A and Person B are having a real, physical converstaion. You push the software to Person A's bb and dial it up. It then turns on the call monitor and you can hear what A + B are saying to each other.
Great theory, I think kinda lame in reality, but it does highlight bad stuff can be done on the relatively immune Blackberries.
I had the same thought at first, then I realised "within earshot" meant it would be used like a traditional bugging mic, with the difference that it's activated remotely (by incoming call). Then I realised that you'd have to a) leave your phone in the room, b) leave it in such a way that it can't be seen but which won't muffle the mic pickup, and c) know just when to call in to activate it. Even then there's no guarantee that your targets will stay near the device. If I'm understanding it right, then this really is quite moronic.
There seems to be more confusion than normal about this app. If I read the article correctly, the way you would use it (if you were a 'bad guy') is like this: You sneak it onto someone elses phone, with your number (ideally an untraceable trac phone) in it's list.
Then, when you call their phone, it doesn't ring, or do anything obvious, but simply turns on the microphone, and you get to hear everything around it. So, if they are taking notes with it in a meeting (or playing solitaire), you hear the meeting. If they have it on the dresser in the hotel where they're making the beast with two backs with your spouse, you get to hear that. Etc, etc
So, to Ian Michael Gumby, it's not when you're on the phone, since you never know it was called. And to Jason Togneri, it's not *your* phone, it's theirs. Unless you bugged you own phone, which would have limited application, as ostensibly you know what you're up to most of the time.
I remember an article from comp.risks many years ago about a couple having sex when they inadvertently hit the redial button on the phone next to the bed. IIRC, the phone was a kind of speakerphone, so the last person to have been dialled (the woman's mother) was privy to all the kinds of ambient grunting and groaning sounds you would imagine. Believing her daughter to be in trouble (I'm a bit fuzzy on the details, but I think she recognised the voice rather than having caller ID), she called the police to investigate. Red faces all round, as you would expect...
I haven't been able to find the article in question (probably on a backup tape somewhere)... actually, scratch that... here's a link (in case anyone worried I was setting you up for an urban legend with a ring of truth):
http://groups.google.com/group/comp.risks/tree/browse_frm/month/1994-07?_done=%2Fgroup%2Fcomp.risks%2Fbrowse_frm%2Fmonth%2F1994-07%3F&
Damn' straight, man. The only issue I've had is that once in a great while I get the occasional text-message spam; my latest, the other day, was from some mortgage outfit (our house is almost paid for). I registered both my mobile and my wife's on the US DNC List, so I can only surmise that Verizon (spit) sold our number to somebody. Hell, I thought spamming mobiles was illegal in the Colonies no matter what, but apparently Verizon -- if that's indeed the case -- just doesn't give a damn, the ass/arseholes.
"Unlike Apple's iPhone and other smartphones, the BlackBerry hasn't suffered from known vulnerabilities over the past couple of years....."
Apart from bbproxy.
What makes Blackberrys a good target is that corporate ones usually have a BES inside the corporate network - in many cases, on the same VLAN as a bunch of other sensitive servers. Other smartphones typically only have access to an extranet or use a well-constrained VPN.
"Surely every phone with a silent mode and auto-answer can do exactly the same thing?"
Those would show up on the phone's screen, wouldn't they? Also in the call history? Not very stealth, I'd say. Unless you are using it yourself on your phone "forgotten" somewhere else, but anyway...