Another alarming presentation from ShmooCon 2010, this one discussing BlackBerry spyware, is now available online. The presentation uses the 2009 Etisalat Trojan as an example and raises a number of issues, listed in its conclusion:
- Mobile spyware is trivial to write
- Minimal methods of real-time eradication or detection of spyware-type activities
- Security model of mobile platforms too loose
- No easy/automated way to confirm for ourselves what the applications are actually doing
- We are currently trusting the vendor application store provider for the majority of our mobile device security.
A proof-of-concept spyware application demonstrated how such software can dump contacts and messages, intercept text messages, eavesdrop on the room, report on phone usage, and monitor GPS data.
Slides are available here, and the demo is here.