PhoneSnoop – Turn a BlackBerry into a portable bug

I’m back at work after attending Hack in the Box security conference.  It was an excellent conference and I managed to catch up with a few friends and industry professionals.  The Malaysian conference is still by far bigger than the one held in Dubai.  This year saw roughly 600 people.  I also heard that the HITB crew is adding a new location to the list of venues – Amsterdam.  Now that will most likely be an awesome con.

I promised everyone at the conference that I’d have a working application that can spy on the audio of other users who own a BlackBerry.  I am ready to deliver on that promise today.  This post is a prelude to the release of the tool.  I’ve so far not packaged it with Bugs.  Its a separate program that I named PhoneSnoop.  Please note that PhoneSnoop is not an application that does Phone Taps or give you the ability to listen into phone calls.  It can be done, however, and you can read more on that how to tap calls hereI’d like to have some volunteer beta testers  to see how well the application works You can now download PhoneSnoop directly from here by using your BlackBerry (be sure to read the guide and also make sure to set your input language to English US for the app to work correctly).  You will be able to configure your own phone number.  If you’re interested, please mail me on zen.chopstick@gmail.com For the chickens out there, here’s a video of the app in action (I’ve not got audio on it, but it has closed captioning so make sure you turn it on).  I’m working on a video that shows the app on a real handheld with commentary, but for now, make do with this :p

PhoneSnoop – BlackBerry Bugging Application

Here’s how it works:

You install and run PhoneSnoop on a victim’s BlackBerry.  PhoneSnoop sets up a PhoneListener and waits for an incoming call from a specific number.  Once it detects a call from that specific number, it automatically answers the victim’s phone and puts the phone into SpeakerPhone mode.  This way, the attacker who called can now hear what’s going on at the victim’s end.  Pretty simple, right?  In the video above, I have set up PhoneSnoop to listen for calls originating from +12120031337.  I first make a call from +12120031336 to show that there’s no effect.  Then, I show what happens when a call is made from the expected number.  The demo is on the BlackBerry simulator for now, but I’m working on bringing you a video that demonstrates the application on a real BlackBerry Bold.

Installation Instructions:

  1. Grab your friend’s BlackBerry
  2. Download PhoneSnoop from the URL I mail you
  3. Once installed, go to Options->Advanced Options->Applications->PhoneSnoop->Edit Permissions and change the “Input Simulation/Event Injection” to “Allow”
  4. Run PhoneSnoop

Checking the bugging capabilities:

  1. Call the victim’s phone number
  2. Listen

I will need to give you a customized version of PhoneSnoop hence there’s no download.  If you’re interested in trying it, mail me at zen.chopstick@gmail.com.  Include your phone number so that I can code it into the application.  I’m not doing a general release at the moment because of the implications of this tool.  I’m mainly looking for feedback so that I can refine the tool and write a paper on it.

The tool is now available for general release.  Anyone can download it.  Go here to read more.
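For anyone checking devices for this kind of tool, the dependency in step 3 is the thing to audit: the app only works once the event-injection permission (labelled "Keystroke Injection" on some devices, per the author's reply in the comments) is set to Allow. The following is an added example, not code from PhoneSnoop or from the author; the CSV inventory layout, the sample rows and the approved-app list are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Permission labels taken from the post and the author's comment reply; the
# same capability appears under either name depending on the device.
INJECTION_PERMISSIONS = {"input simulation/event injection", "keystroke injection"}

# Hypothetical allowlist of apps an administrator has approved for injection.
APPROVED_APPS = {"corporate remote support"}

# Constructed sample inventory (device, app, permission, setting). The CSV
# layout is an assumption for this example, not a BlackBerry export format.
SAMPLE_INVENTORY = """device,app,permission,setting
Bold-9000-A,PhoneSnoop,Input Simulation/Event Injection,Allow
Bold-9000-A,PhoneSnoop,Phone,Allow
Bold-9000-A,Maps,Location Data,Allow
Curve-8330-B,Notes, Keystroke Injection ,allow
Curve-8330-B,Corporate Remote Support,Keystroke Injection,Allow
Bold-9700-C,Weather,Input Simulation/Event Injection,Deny
Bold-9700-C,Weather,Keystroke Injection,Prompt
"""


def find_injection_grants(inventory_csv, approved=APPROVED_APPS):
    """Return {device: sorted app names} for unapproved apps allowed to inject input."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        permission = (row.get("permission") or "").strip().lower()
        setting = (row.get("setting") or "").strip().lower()
        app = (row.get("app") or "").strip()
        if permission not in INJECTION_PERMISSIONS:
            continue
        # Only an explicit "Allow" grants the capability outright; any other
        # setting in the inventory is not reported.
        if setting != "allow" or app.lower() in approved:
            continue
        findings[row["device"].strip()].add(app)
    return {device: sorted(apps) for device, apps in findings.items()}


if __name__ == "__main__":
    for device, apps in find_injection_grants(SAMPLE_INVENTORY).items():
        print(f"{device}: review {', '.join(apps)}")
```
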

Discussion

  • That is so good..
  • Oh that's so funny!
  • In order to install and setup the PhoneSnoop application, attackers must have ... Chirashi Security!
  • ha ha ha.. nice...
  • Mitchell T
    Lmfao! I changed the permission on the Keystroke Injection to allow, called my phone and it picked up after one ring and went back to the Home screen as though I had hung up. The funny part though is when I talked on my home phone, my voice came through crystal clear on the spied phone as though I had turned on the speaker phone option. Use at your own risk and be sure not to make a peep because the spied party will definitely hear you.
  • Mitchell T
    Tried it on my 8330 but could not get it to work as there is no Input Simulation/Event Injection option.
  • getfam1liar
    I got it to work on my Blackberry 9700. Sure the phone rings once, but hey it's a free application! I added the help of the "bluff my call" app also free. I downloaded the PHONESNOOP app to my girl's phone, put in a trigger number (that will stay the same)...due to the fact I can bluff my call with that exact number I gave her anytime. Never needing to change her trigger number, as long as I remember it to put as the "bluff my call" number. Worked Great! Thanks!
  • shadow
    I downloaded it, and I set the number, I set everything to ALLOW, but the phone still rings and it doesn't answer by itself, what do I do?
  • Ch0pstick
    It is possible that on some phones, PhoneSnoop doesn't work.
  • nice application...
  • Ok, I've tested this app on several blackberries (can't recall which models - 9630, 8530 and some other model if I remember correctly). All blackberries made one ring before automatically answering call. Solution to this would be to silence the ringer.
    If anyone has tested it on a different model and didn't get a ring, please, let us know.
  • Ch0pstick
    It's the way I designed it. I didn't want the app to be stealthy for fear that the abuse potential would be high. To silence the ringer, I would only need to inject a key event that simulates a user pressing the ringer-mute key before answering the call.
  • paulgdonnelly
    I don't think that this will work at all if the device is locked. You will get the incoming call event sure, you will even execute the key injection into the phone app but the phone app will not get injection.

    Any work arounds?
  • mreddygonzalez
    And then he will prove it to give my opinion ...
  • Hightower
    Hello,
    I've downloaded PhoneSnoop on my Curve 8310 with OS v 4.2 but app. won't work error message:
    "Error starting PhoneSnoop: Symbol 'EventInjector $KeyCodeEvent.<init>' not found"

    Can anybody give me information please, what's the matter?
    Thank you very much in advance
  • will
    Thank you, I will let you know the results since I believe my live-in girlfriend is cheating
  • Ch0pstick
    Dude, like seriously? I mean, if you think your girlfriend is cheating, then you should confront her. I don't think bugging her phone is the way to go. Besides, that is not why I wrote PhoneSnoop. Anyway, your plan will most likely fail because PhoneSnoop is far from stealthy. The phone rings when a call comes through and your girlfriend will most likely know there's something installed on her phone because of the distinct icon on the homescreen or downloads folder.
  • joani
    please email me program.
  • brad921
    On my downloaded version there is no Input Simulation option in the edit permissions.
    I tested without it and it doesn't do what is shown.
  • Ch0pstick
    If you don't have the Input Simulation permission, then you will most likely
    have Keystroke Injection. Allow this and it should work.
  • Amit
    I don't have Input simulation permission and I allow the KeyStroke Injection but still I am getting "Error starting PhoneSnoop Symbol 'EventInjector$eyCodeEvent.<init>' not found" when I try to open the application, I am trying on a BlackBerry 8110 device.