[Infowarrior] - BlackBerry Spyware Dissected
Richard Forno
rforno at infowarrior.org
Wed Jul 15 18:38:35 UTC 2009
http://www.veracode.com/blog/2009/07/blackberry-spyware-dissected/
BlackBerry Spyware Dissected
by Chris Eng
July 15, 2009
< - >
Lots of code analysis here
< - >
The most alarming part about this whole situation is that people only
noticed the malware because it was draining their batteries. The
server receiving the initial registration packets (i.e. “Here I am,
software is installed!”) got overloaded. Devices kept trying to
connect every five seconds to empty the outbound message queue,
thereby causing a battery drain. Some people were reporting on
official BlackBerry forums that their batteries were being depleted
from full charge in as little as half an hour.
The final thing to mention is that the spyware does appear to be
installed in a non-running state by default, where it’s not actually
exfiltrating data once the initial registration packet has gone out.
However, using the command and control mechanism we described earlier,
the carrier can remotely start/stop the service at will on a per-
device basis.
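The retry storm described above (a device reconnecting every five seconds when its registration server cannot absorb the traffic) is something a network defender can spot from flow records alone. The following is an added example, not code from the Veracode write-up or the BlackBerry spyware itself; it groups outbound connection timestamps per device and destination and flags pairs that reconnect at a short, nearly constant interval. The flow records are constructed for illustration and the hostnames are placeholders.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound connection records: (timestamp_seconds, device, destination).
# "dev-A" mirrors the behaviour in the post: a retry roughly every 5 s to one
# registration server. "dev-B" is ordinary, irregular traffic and must not be flagged.
SAMPLE_FLOWS = [
    (0.0, "dev-A", "reg.example.invalid"),
    (5.1, "dev-A", "reg.example.invalid"),
    (10.0, "dev-A", "reg.example.invalid"),
    (15.2, "dev-A", "reg.example.invalid"),
    (19.9, "dev-A", "reg.example.invalid"),
    (25.0, "dev-A", "reg.example.invalid"),
    (1.0, "dev-B", "mail.example.invalid"),
    (40.0, "dev-B", "mail.example.invalid"),
    (41.5, "dev-B", "www.example.invalid"),
    (300.0, "dev-B", "mail.example.invalid"),
]


def find_beacons(flows, max_interval=10.0, max_jitter=0.5, min_count=5):
    """Return {(device, destination): mean_interval_seconds} for pairs whose
    connection attempts recur at a short, nearly constant interval.

    max_interval: mean gap between attempts must be at most this many seconds.
    max_jitter:   population standard deviation of the gaps must stay below this,
                  so irregular human-driven traffic is not reported.
    min_count:    minimum attempts before a pair is judged at all.
    """
    by_pair = defaultdict(list)
    for ts, dev, dst in flows:
        by_pair[(dev, dst)].append(ts)

    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= max_interval and pstdev(gaps) <= max_jitter:
            beacons[pair] = round(avg, 2)
    return beacons


if __name__ == "__main__":
    for (dev, dst), interval in find_beacons(SAMPLE_FLOWS).items():
        print(f"{dev} -> {dst}: reconnects every ~{interval}s (possible retry storm)")
```

On real data the thresholds should be tuned per environment; a 5-second retry loop that never succeeds is also the pattern that overloaded the registration server in the post, so the same detector doubles as a capacity warning.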