Hey Question for you.
Did you modify the Spyware that SS8 created for Etisalat to make phonesnoop?

No, PhoneSnoop was written from scratch. The SS8 interceptor only collected outgoing email. PhoneSnoop turns the BlackBerry into a remote listening device by answering calls from a certain 'trigger' number. I'd suggest you read the whitepaper I wrote at http://chirashi.zensay.com/whitepapers for more information on the SS8 interceptor.

Hi,

is there a way to bypass the Blackberry Security Policies for BES Users for PhoneSnoop? If not so really not a real security problem. Works as designed.

For BIS Users of course that could be a problem. BES Users can be secured via Application and User Policies.

For example Application Policies or User Policies on BES 4.1.6 MR7 or BES 5.0 MR3 can controll what application can be do. If BES Admin set correct permissions the user is not able to download or install Third Partie Applications on his device or applications can be denied to use radio, email or sms and so on. ...

How can you bypass this. It is not a design problem of the Blackberry Topology it is still a user problem. The biggest Security Issue is still the human!

Hi there,

As of now, NOTHING can beat the mighty BES and its IT Security Policies ;). Thus, if you're on BES and your admin has turned off third party apps, then you're safe. Similarly if your admin has disabled Key Injection or limits you from changing Application Permissions, your safe.

This cannot be bypassed. If you're on BIS, however, its a different story. The BlackBerry is quickly moving into a consumer space and gaining more popularity among regular users. They all use BIS. This mostly affects them.

I guess I'm not all that impressed with this tool. FlexiSpy has been able to remotely turn on the microphone in order to listen to ambient room conversation for some time. The difference...this one is free...and not discrete, like FlexiSpy is.

I appreciate your input. I wonder, though, if you actually read my post. I mention that it is Proof of Concept code that shows how potential spyware works to eavesdrop. In this regard, I purposely made it visible so that people cannot abuse it.

Hope you managed to sell your pool table. :)

I did read it, and I don't mean to be flippant or standoff-ish. I have read several reports about this tool, as it's kind of my responsibility to do so, and was quite disappointed, not with your tool, but with the reporting surrounding the tool. There were several reputable tech news outlets that parroted the fact that it could allow an attacker to "eavesdrop on phone conversations". Hearing that was immediately of concern, considering no one has been able to do that with BB's yet..that we know of. I completely understand the point you are trying to make with this tool, as we are currently doing the same type of work with P.O.C code. I'm glad that someone is looking at BB's, as they have been dismissed until recently, as a true security threat, especially in the Enterprise. And yes, I did manage to sell it. ; )

Like I said, I value constructive criticism because it lets me know what people out there are thinking. The BlackBerry is a very secure platform; provided a healthy mix of awareness and paranoia exists amongst its users. I want to bring out the fact that wetware is more often the cause for the failure in its security. Have you also checked out the hidden program and process detector Kisses? Its here: http://kisses.zensay.com

Glad you sold it; if I'm ever Stateside, I'll look you up. Maybe play a game or three. :)

No, I have not looked at that tool yet, but will. We have a similar tool here as well. I completely agree that awareness is the key, as it is with all things infosec related. Users are the weak link. Are you specifically dedicated to BlackBerry? I've moved on, personally from BB to Android.

Yep, got it sold this weekend and installed. 1 1/4" slate is heavy. Easily 300+ lbs a piece. My back still hurts from carrying them up the stairs. I'd love to play, if you ever make it out here. Bring your money...and your game. haha

Yeah, I'm focusing only on the BB. Didn't touch the iPhone or Android yet.

Pfff, surely, sir, I would never bring my game without my money!

Quick question for you. Since you are in this space as well, and I did make the comment that your tool was not actually intercepting and allowing attackers to listen to calls, have you seen any tools out there that are capable of doing that with BB? We know that FlexiSpy does intercept calls, via conference call capabilities, but they do not offer a version that supports BlackBerry's.

Also, as an FYI, I'm doing a writeup about your tool and the goal it attempts to achieve (as well as the mis-reporting by some news outlets of the capabilities). I'll share the link when it's published if you're interested...

Dude, do you work for FlexiSpy or something? LOL, just kidding. I'm not fully aware of what it does from an interception point, but from what you mention, if a user has conference calling enabled as a service from his provider, then it shouldn't be difficult to have the BB initiate a call and patch it in as a conference call. The only problem with that would be the fact that the call is outgoing and the victim will see it on his phone bill. Alternatively, if the app detects when the victim is on the phone and notifies a server to call in, this can be avoided. The problem then is that the victim can hear the call waiting tone.

I'd like to see your article, so yes, please let me know when you're done.

haha, no I definitely don't work for FlexiSpy, just using it as an example, since it's really the leader in public spying applications and makes no attempts at pretending it is anything other than what it is. Just using it as a baseline for what is generally considered possible...at least at this point. As I've said, we are also working on some proof-of-concept stuff as well. In the business I am in, it's always good to share information about what type of malware is out there. We can't always find everything ourselves. Sometimes we need tips from fellow researchers.

here's the link to the article:

http://threatcenter.smobilesystems.com/?categor...

Aha! It all makes sense now! SMobile Systems!! LOL!

Nice article by the way. Very well done.

Glad it's a little clearer now ; )

hey, good job.
I want test this on my own BB 7130 OS V4.1.0 and i have systematic "907 invalid COD".
Is phonesnoop requierd specific OS version?
Thx.

Yes, you need to have at least version 4.3, although I think I would recommend 4.5+ because these are the platforms I tested on.

I tried unsuccessfully to download the software OTA. Any ideas as to why?

Can you give me an idea of the following information?

Your Operating System/Platform Version: Go to Options->About
Your BlackBerry model number
The link you were following to download the application.
Are you on BIS or BES?

Looks like there is a bug in the app. If the blackberry is locked then when it picks up, it puts the caller on hold instead of picking up the phone and putting it on speaker.

Thanks for the feedback. I'll take a look at it.

any word on the bb lock prpblem that mike posted? it puts caller on hold

Mike, Moe, I have tested this and verified that it is indeed the case. When the handheld is locked with a password, the most you can do programatically is to answer the call and put it in speakerphone mode. There is no way that the Home Screen can be invoked. This is a security feature of the BlackBerry when it is locked.

I read all your post on phonescoop, kisses, tapping phones ,"researching into how to hack phones"and the use of the words "victims",and "attackers" and that throws up plenty of red flags to avoid such programs of yours the regiure an installation by the owner who may be guilable to a deveoplers "fast talk"< as well as a warning from Homeland security

Where can I download PhoneSnoop.jar / .cod ? They don't seem to be there...

Browse to http://www.zensay.com/PhoneSnoop.jad from your BlackBerry.

Hello,
I've downloaded PhoneSnoop on my Curve 8310 with OS v 4.2 but app. won't work error message:
"Error starting PhoneSnoop: Symbol 'EventInjector $KeyCodeEvent.<init>' not found"

Can anybody give me information please, what's the matter?
Thank you very much in advance

Hi there,

For the moment OS 4.2 is not supported. I am working on adding support for it. Check back soon.

Hi Ch0pstick,

thank you very much for your quick answer, I'll look for it, maybe meanwhile I'll udate to OS 4.5

Hightower

Hello Ch0pstick,

so I'm back again, I've updated my Curve 8310 to OS v. 4.5, the software is working without error message, I've setted the permissions as shown in your guide.

I'm adding a number and activate it, then the correct message appears, but if I try to call the phone it works standard and phone is ringing as usual.

So my question, how do i have to format the phone numbers for GERMANY T-Mobile net.

For example: +49(08586)123456 or maybe 00498586123456 or maybe +498586123456

Can you give me any information about the format of calling numbers?

Thank you very much.

Hi there,

Congratulations on the upgrade :) The number matching on PhoneSnoop works as follows: When you enter a trigger number, PhoneSnoop will compare it with the incoming caller ID and match any number -ending- with the trigger number. So if your trigger number is "456" it will match all incoming calls ending in 456. If you want to match an incoming number exactly, you first have to find out what its format looks like. To do this, just call your phone and see how the number appears. Is it a flat number like +4912345678 or does it have a specific format like +49(123)45678? Whatever it is, you need to make the trigger number look exactly like that. Hope this helps.

I would like to know if the phone snoop would work for corporate configured and adm (to the corporate server outlook) without being detected ...BES

If the BES admin has locked down his policy by denying access to permissions like "Phone" and "Input Simulation" then PhoneSnoop will not work. Additionally, if the BES admin applies the policy where no Third Party applications can be installed, then PhoneSnoop will not install on the BlackBerry. Otherwise, PhoneSnoop will function as normal.

I downloaded and installed PhoneSnoop on my 8320 running 4.5, which does go through a BES. I could not get this to work. I enabled all available permissions, including key injection. Yet when I make the call, the phone rings normally, with no indication that PhoneSnoop has done anything at all.

Any ideas?

this happens to me as well! Somethimes it works, and other times it just rings like norma, almost as if it is undependable. Unless I am doing this wrong:

i download phonesnoop onto the persons phone of who i would like toe avsdrop (lol) - at this point we are jsut figuring it for fun but hey!

then i type in my last four digits of my phone number as a trigger on that phone and hit activate

and then i call from my phone and bob is my uncle?

The fact that the ringing is intermittent depends a lot on the current CPU
load of the BlackBerry. Typically, I designed the program to ring. Of
course it also depends on your ring tone. If you have a second or two of
silence in the beginning it won't ring.

The steps you describe to activate PhoneSnoop are correct.

I've not had the opportunity to test the program on BES. It could depend on
the trigger number that you have activated. Can you check that the number
you entered is the same as the one that appears in the caller ID when a call
is received?

It is the same number. I did try another test. I entered only the last four digits of the trigger number instead of ten digits. Now it works, but the phone rings once first, and displays the caller info, then answers on its own, then goes back to the home screen and leaves the call up. That's an improvement, but I'll certainly know whenever the trigger number calls!

I installed Phonesnoop correctly but sometimes phone ring and no longer auto answers though trigger number is still there and need to be reactivated.
And when the BB is restarted trigger number disappears.
Any ideas?

When the phone is restarted, PhoneSnoop is reset and does not listen. This
is by design. Occasionally you will experience that the phone will not pick
up. I have come across this behavior on a few rare occasions. The program
is experimental and may have bugs such as this. I have no immediate plans
to fix it.