Bugs & Kisses – Spying On BlackBerry Users For Fun

March 10, 2010 (at 10:30 a.m.) in Defense & Management

Regarded by many as a platform that remains very secure and difficult to compromise, the BlackBerry has enjoyed great success not only in large corporations and governments, but now, also in the consumer market. So can a BlackBerry truly be owned?

This talk explores the one weakness in the BlackBerry handheld — wetware. It will demonstrate how malware can be planted on a BlackBerry and show how the BlackBerry API makes the task of spying on a user significantly easy. The talk also covers a real-world case of how a UAE telco, Etisalat, attempted and failed to compromise its entire BlackBerry user-base of 145,000 users.

A live demo featuring the toolkit Bugs & Kisses will be given providing examples of attacks and practical steps to mitigate them.

Sheran Gunasekera

Sheran Gunasekera (chopstick) is a security professional that specializes in Web Application Security, Mobile Security and Digital Forensics. He is the Director of Research & Development for ZenConsult, a technology consulting firm based in the Asia Pacific region. Disliked by banking software vendors and now, possibly telcos, Sheran sees no need to sugar-coat findings from security assessments. A firm believer that information should be free, he releases his research and tools on his blog, Chirashi Security (chirashi.zensay.com), in the hopes that others can benefit from them.