India’s government is currently in the process of testing a solution that will allow it to spy on BlackBerry users sending and receiving data over India’s cellular airwaves. The country’s Telecom Secretary has confirmed that India’s Department of Telecommunications is testing the solution, which will allow government officials to monitor several services tied to Research In Motion’s BlackBerry smartphones. The new solution being tested is part of India’s demands to gain access to messages sent by its citizens, and the government has threatened to ban BlackBerry devices if it is not granted access to users’ data. RIM has cooperated with some of India’s demands in the past, having provided it with the means to see messages sent via BlackBerry Messenger and to monitor web browsing, but the Waterloo, Ontario-based vendor has insisted on multiple occasions that it does not possess the capability to monitor encrypted emails sent and received via its corporate BES service. India’s Telecom Secretary would not specify which BlackBerry services this new monitoring solution addresses.

Hacker groups like Anonymous and LulzSec capture the bulk of mainstream media’s attention when it comes to hackers these days, but it looks like the Iranian government may have recently pulled off an attack that trumps both hacker groups and then some. According to reports, Iranian hackers with ties to the government have managed to executive an MITM attack that compromises Google’s SSL security. An MITM attack, or Man-In-The-Middle attack, is a cyberattack that allows an attacker to covertly intercept or even modify data as it is being transmitted between two computers over the Internet. Using a certificate issued on July 10th by Dutch SSL certificate authority DigiNotar, Iranian hackers have reportedly been able to spy on communications sent via Gmail and other Google services for more than five weeks. DigiNotar revoked the compromised SSL certificate on Monday, however most browsers do not check to see if a certificate has been revoked by default. As such, Mozilla has already released an update to Firefox and Thunderbird that revokes trust for the DigiNotar certificate, and Google said it will soon release a similar update for Chrome. Apple and Microsoft have yet to address the matter publicly or state if and when we can expect updates to Safari or Internet Explorer.

Read

India’s government reiterated its stance on Research In Motion and other companies providing officials with access to to monitor encrypted data. “It’s not a question of their giving access. Under law, they have to give access, everybody has to give access,” federal Home Secretary Gopal K. Pillai told reporters on Tuesday. “Whoever gives access will be allowed to operate. Whoever does not give access will not be allowed to operate.” The Indian government notified several companies last year that they would have to provide access to emails and other data in order to comply with regulations and remain operational in the country. Following the ultimatum, the spotlight turned to RIM, a company known for providing secure and encrypted mobile services to its global subscriber base. RIM would later state publicly that it does not have the capability to give the Indian government, or anyone else, access to emails sent and received using its corporate email solution. Unless RIM can come up with a solution that falls within the guidelines set forth by applicable laws, India appears ready to pull the plug on BlackBerry smartphones.

Read

Research In Motion confirmed on Thursday that it will not give the Indian government access to email sent to and from BlackBerry smartphones in its country. The refusal to comply with India’s request is less a moral stance and more an issue of technology, according to RIM. “There is no possibility of us providing any kind of a solution,” RIM VP Robert Crow said to reporters. “There is no solution. There are no keys to be handed.” India demanded access to email and all other BlackBerry services last year as part of larger efforts to monitor security threats within the country. RIM gave the Indian government access to its BlackBerry Messenger service earlier this month, but complex email encryption will apparently not allow the company to provide similar access to its email services.

Read

It’s not every day Google dusts off the trusty old ban hammer and squashes an Android app. After all, the Android Market is an open one, where any developer can bring any app to the masses — almost. Mobile developer DLP Mobile launched an app earlier this week that performed a pretty questionable function; it allowed users to spy on SMS messages by having them automatically and secretly forwarded from a host phone to their own cell phone. The app, dubbed Secret SMS Replicator, was added to the Android Market Wednesday and it almost immediately caused a stir. Before long, Google exercised its ultimate authority and removed Secret SMS Replicator from the Market, saying the app “violates the Android Market Content Policy.” While the removal of this malicious app is seen as a positive move by most, some question whether or not Google’s actions push the Internet giant further away from the “open” descriptor it loves to boast. Most would likely agree, however, that leaving spyware in the Android Market would certainly have been the greater of two evils.

[Via Switched]

Read

You have probably read about the Harriton High spy case where the school administration of the Lower Merion School District (LMSD) is being accused of using school-issued MacBooks to spy remotely on its students. The case has received national attention and is now the subject of a FBI investigation. What you might not have read is this detailed investigation by Stryde Hax, a security consultant who probes the methodology and possibly identifies the person(s) behind this abuse of technology. Stryde Hax makes a connection between the LANRev software supposedly used to spy remotely on the students and Mike Perbix, a Network Tech at LMSD. Mr. Perbix stars in a promotional webcast for LANRev in which he boasts of the software’s ability to spy remotely without user detection. Stryde Hax also uncovers comments from former and current students that paint a picture of a school that forced students to use school-issued MacBooks, confiscated personal laptops that were used in lieu of the school-issued hardware, claimed that the green blinking webcam light was a glitch, and expelled students that tried to remove or disable the remote spy software. Tying it all together, Stryde Hax reverse engineers the LANRev software to take a peek at its inner workings and demonstrates its usage as a very stealthy remote spying solution. With content that is worthy of the best Tom Clancy novel, Stryde Hax’s lengthy blog post is filled with details on the Orwellian nature of this case.

Read

The Sony Ericsson Robyn, aka the X10 Mini, has gone and got photographed getting friendly with an iPhone. From these pictures and others, we know that the Robyn will pack a 5 megapixel camera, 3.5mm headphone jack and a microUSB port into its diminutive frame. Like its bigger brother, the Robyn will run some flavor of the Android OS and may be available in a variety of colors including black, white, pink and lime yellow. Hopefully Sony Ericsson won’t leave us in the dark much longer and will officially unveil this phone at Mobile World Congress next month. Hit the jump for a few shots of the Robyn and an iPhone K-I-S-S-I-N-G.

[Via Unwired View]

Read

UPDATE: We’ve been told by MobileRL that the audio is actually 100% encrypted, and is turned on at specific intervals, then analyzed electronically without human interference. It’s then compared digitally to radio and broadcast channels to determine what the user was listening to / watching. It’s also in very limited testing with a research company, and obviously all of the participants have given permission for this trial.

Read

Touted as an espionage tool but more closely resembling spyware is a new application, Phone Creeper, written by xda-developer member chetstriker. Once installed on a Windows Mobile 5, 6.1 or 6.5 handset with .NET CF 3.5, the software tool can be used to:

• secretly and remotely read incoming / outgoing sms
• secretly and remotely delete incoming / outgoing sms
• secretly and remotely view call history
• bounce sms messages off remote phone to someone else
• create a pop-up message on phone
• send a secret fart sound
• secretly and remotely listen to person – (Initiates silent call back of person to your phone with their speaker phone enabled)
• send listening in call to somebody else’s phone
• remote wipe of installed flash card

These above remote control commands are issued via SMS messages sent from any other handset to the “infected” Windows Mobile handset. The software is currently being distributed as a cab file that one must agree to install but, in the future, a code injector could be created to insert this application silently into any cab file. Once installed, the application does not appear in the task manager, does not have a user interface and runs silently in the background. So what do you think, the ultimate spy tool for parents of teenagers, a security suite to protect your data if your phone is stolen, or the progenitor of a whole new class of mobile phone spyware?

[Via WMExperts]

Read

Read