Veracode has released Blackberry-specific spyware, which the code-review specialist intends as a “call for defensive research” to show that the BlackBerry is vulnerable to spyware problems.
“The Blackberry ‘sandbox’ keeps you from getting into the operating system level. It’s effective for that,” says Tyler Shields, senior researcher at Veracode Research Lab and author of the Blackberry spyware. “BlackBerry is one of the better operating systems in regards to security,” he says, “but in the sandbox you can steal data.”
Shields says the point in releasing the spyware source code, which he calls TXSBBspy, is to “show how easy it is to write this code.” He calls the source code a blueprint for malware on the BlackBerry, showing how it’s possible to remotely dump all the contents, send the contents via e-mail, and conduct real-time monitoring of phone messages.
Shields says his purpose is to inspire a “call to action” to encourage development of BlackBerry applications to make it clear what these apps do before releasing them.