Experts warn of BlackBerry bugging app

A proof-of-concept app can turn a BlackBerry into a snooping device

The US Computer Emergency Readiness Team has issued a security alert concerning a free application for the BlackBerry which can turn the handset into a bugging device.

The software needs to be installed on a target device by someone with access to it, or by tricking the user into downloading the application.

"You install and run PhoneSnoop on a victim's BlackBerry," wrote Sheran Gunasekera, the application's author, in a blog post.

"PhoneSnoop sets up a PhoneListener and waits for an incoming call from a specific number. Once it detects a call from that specific number, it automatically answers the victim's phone and puts the phone into SpeakerPhone mode. This way, the attacker that called can now hear what's going on at the victim's end."

Gunasekera said that the software was written as a proof-of-concept to show how easy it would be to turn the BlackBerry into a bugging device. The code is not on general release, but is in circulation, which may have prompted the security alert.

The application is easily detectable as it shows up on the BlackBerry applications page, unlike other phone bugging software like Flexispy and Mobile Spy.

Gunasekera has released a tool called Kisses that allows BlackBerry users to identify any hidden applications on their handsets.