// you’re reading...

BlackBerry

The theory behind BlackBerry phone taps

By chopstick October 31, 2009 Post a comment
Filed Under  , , , , , ,

The new version of FlexiSpy (which I dissected and posted about) promises to allow a user to spy on a target when he is on a call.  They call it Call Interception.  The site says: “Call Interception is the ability to listen in to an active phone call on the target device. You specify the numbers you are interested in and when any calls to or from these numbers occur on the target, FlexiSPY PRO-X will send a secret SMS to your mobile. If you now call the target mobile, you will be added to the call.”

Knowing the APIs of the BlackBerry, I can confirm that this will work only if and when a target has conference calling enabled.  The theory is simple again.  The application hooks the “callConnected” method on the PhoneListener class.  Then when it detects a specific number that has been specified, it sends an SMS to a pre-defined number.  Once that same pre-defined number calls in during an active call, the phone automatically answers and adds the user into a three-way conference.  So its dependent on the target and his phone plan.  Thus this feature is not a guaranteed one.  One thing I plan to try out is to see if the target will actually hear the call-waiting tone before the third call is connected.  Here’s a graphic that explains how it works:

Bob calls Alice on her bugged phone

Bob calls Alice on her bugged phone

Alice's phone sends an SMS to Charlie

Alice's phone sends an SMS to Charlie

Charlie calls Alice's phone & is added to the conversation

Charlie calls Alice's phone & is added to the conversation

In the scene above, Bob is a friend who calls Alice.  Alice has had her phone bugged by Charlie.  Charlie wants to listen into conversations between Bob and Alice.  For this to work, Alice needs to have the ability to make conference calls.  This is typically a value-added service from the mobile network operator.  Thus this attack is dependent on Alice having subscribed to such services.

Like all the other things, I’ve written about, I need to conduct some more research on it.  I’ve been busy these days with the day job and my research is taking a back seat.  Sad really.  Maybe its time to look for a job that pays me to do this stuff??  If you want the tool that lets you test out how you can remotely listen in on ambient noise and conversations, look here.

Share this on:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Reddit
  • StumbleUpon
  • Tumblr
  • Twitter
  • Slashdot

Discussion

Comments for “The theory behind BlackBerry phone taps”

  • There was a news piece on that software, that showed them listening in on a person's call (who allowed them access) and from what it showed on the show there was no audible sound or anything that would tell a person that someone had just joined the call.

    The fact you have to physically install this on a phone I think will keep it way down.. hopefully it doesn't get to the point where it can be installed totally remotely without the user's knowledge.

    What are your thoughts on the possibility of that coming about?
  • Ch0pstick
    As far as the BlackBerry BIS is concerned, there is no known way of installing software remotely. So for now, the only thing a user needs to be vigilant about is who has physical access to his phone and the type of software he installs.
blog comments powered by Disqus