The US-CERT has issued a warning about a new, free BlackBerry application that transforms the phone into a bugging device.
PhoneSnoop, which runs on the victim's phone, lets an attacker stealthily call the targeted BlackBerry, answer the call, turn on the speakerphone, and let the attacker listen in on the victim. The app has to be configured to recognize the attacker's phone number, and it automatically and quickly answers it to evade detection.
Sheran Gunasekera, the developer of PhoneSnoop, says he was surprised US-CERT identified his app in an advisory. "I am happy that they did, though, because it's one step further in getting the word out," says Gunasekera, who is director of IT security at Hermis Consulting in Jakarta, Indonesia.
"I think the reason my app was flagged was because it's free and more easily accessible" than more expensive commercial spy tools. (more) (video)
Side note: The attacker either needs to have physical access to your Blackberry to load the spyware program, or in some way, trick you into doing it.