BlackBerry Security: Compromised Or Slightly Overblown?

The internet is buzzing lately regarding the recent announcement of a proof of concept spyware presentation that was delivered at ShmooCon 2010 by the folks over at Veracode. The concept video and presentation show how a BlackBerry device could basically be taken over simply by installing an application, which allows for all sorts of nasty things to happen: emails forwarded, text messages forwarded, even remote listening to conversations from a BlackBerry sitting on a nearby table.

One thing the presentation neglects is the fact that these things have been in the BlackBerry OS for quite some time now. The "listeners" are actually built directly into the APIs delivered by Research In Motion. Some trusted companies have even made great use of them, SmrtGuard being one of them, leveraging the remote listen option in its offerings. There really is nothing new here, and just like a virus anywhere else, this proof of concept still needs the human element in order to work. You wouldn't go installing some unknown application on your PC these days, would you? Not likely. So why would you do so on your BlackBerry? The logic is pretty much the same. If you are unsure of what something does, don't install it, especially if it's not coming from a trusted source.

More and more these days, we're seeing articles pop up that claim whatever to be the next worst thing to happen to BlackBerry security. Everything from buggered versions of BlackBerry Messenger to people sending mass BBM messages about how files will erase your hard drive. Fact of the matter remains, BlackBerry is still as strong in the security realm as it always was.

As Al Sacco wrote, these sorts of actions are totally reliant upon a whole chain of events that must occur before your BlackBerry can even be considered "infiltrated" or, for the 1337 among you, pwn3d. Al's article not only outlines the ways to prevent such things from happening but also looks at the real-world possibility of such things occurring to those who aren't out to prove something with a proof of concept. Now if you'll excuse me, I have to find my tinfoil hat ;)