By Brett Winterford
04 July 2007
Mobile device manufacturer Research in Motion (RIM) is unconcerned about
a new release of software that aims to compromise the security of a
As reported yesterday, the latest version of legal spying software
FlexiSPY enables remote third parties to bug the voice calls, log SMS
and mobile e-mail messages and track the location of a BlackBerry user.
Ian Robertson, senior manager of security and research at RIM, said
users need not be particularly worried about the capability of FlexiSPY.
"While it's the subject of some debate, I don't consider it a virus nor
a Trojan, as it does require conscientious effort from the user to load
the program," he said.
Robertson said an average user that maintains good hygiene would never
see the software loaded onto their device without their knowledge.
There are some basic steps, he said, that users can take to protect
First, a user should set a password for their device so that nobody else
can physically load the application. "This is the same for any device,
be it a laptop or a smartphone," he said.
Second, the user should only load applications from known and trusted
"With those two methods alone, no surreptitious software can be
inadvertently loaded onto the device," he said.
Finally, the BlackBerry service comes with a built-in software firewall.
"If it isn't enabled already, be sure to have it switched on," Robertson
The firewall would, in the case of FlexiSPY being active, prompt the
user that something is trying to access the device.
"It would say something like -- this application wants to make a
connection to the device -- cancel or allow?"
Robertson said that it is not entirely true that the FlexiSPY
application works without the user knowing they are being spied upon.
"There are ways you can tell if the program is loaded onto the device,"
he said. "First, the control panel for the application makes use of SMS
messages, which don't appear like regular messages. Second, the
application is visible if one views the files loaded onto the device."
That's assuming of course, that a user has the technical nous to
understand their BlackBerry's control panel.
Robertson said that despite the marketing of sinister applications such
as FlexiSPY, BlackBerry users are protected.
"We provide a fantastic platform and rich controls to allow security to
be tailored to meet an organisation's needs," he said. "There are over
250 IT policies and complete application control -- far and away beyond
anything else in this space."
Concerned users can read white papers on protecting their BlackBerry
from malware here.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com