BBC builds spy apps for smartphones.

Don’t panic, Auntie Beeb hasn’t gone over to the dark side just yet. However, they have managed to highlight just how easy it is for computer coders with bad intent to steal private information from new generation smartphones.

In a recent experiment, the BBC had some pretty inexperienced coders create a crude ‘game’ for a smartphone. They built it from readily available code snippets and it worked. However, using other snippets, they added functionality that allowed them to spy on anyone who downloaded the game.

The information-stealing elements of the BBC’s spyware game were all legitimate functions used elsewhere by legitimate programs. The programmers successfully demonstrated that using standard code in this way makes building malicious applications quite a simple task.

We asked Jason Dibley, Technical Director of London-based QCC Interscan, to comment. Jason acknowledged the difficulty of policing mobile apps.

“Some senior managers know that ‘smartphones’ exist, but still rarely use their own for anything except traditional calls and the odd text message. Meanwhile their younger and more tech-savvy colleagues have completely changed their working practices, and are storing lots of business critical data on their BlackBerrys, iPhones and other devices. They download [apps] to help them work more quickly and productively, but in doing so, expose their business to potential data theft.”

 

Saudi Arabia ban the Blackberry

Yesterday’s announcement by the United Arab Emirates that it was planning to block the use of Blackberry phones was quickly followed by a similar announcement from neighbouring Saudi Arabia.

The governments of both the United Arab Emirates and Saudi Arabia are in the process of banning the use of email and web browsing on Blackberry phones because the handsets cannot be monitored by the governments, thus contravening their internal telecoms regulations. Blackberry handsets, which are used by about 900,000 people in the Arabian peninsula, automatically send the encrypted data to computer servers outside the two countries.

The news follows an event last year when 145,000 BlackBerry users in the UAE were told by their local operator to install an upgrade “required for service enhancements.” It was later alleged by RIM, the company that makes Blackberrys, that the so-called upgrade was actually spyware to allow government agencies to covertly monitor emails and web access.

Here in the UK, Internet Service Providers are already required to keep details of ‘traffic data’. Part of the Intercept Modernisation programme put forward by the last government was a proposal to record the electronic communications traffic data of the entire UK population in an official database.

According to the Sunday Times,* GCHQ last year received up to £1 billion to finance the first stage of the project. Although some have questioned the capability of such a system to record so much data, the technical capacity to sift data has grown almost as quickly as internet traffic itself.

The reality today is that regardless of where you live, all electronic data can be intercepted once it is travelling on the internet. Therefore, in order to keep data secure, individuals, organisations and states who want to keep secrets really need to stop their private data from ever reaching the net in the first place. This is one area where TSCM professionals can help.

* http://www.timesonline.co.uk/tol/news/uk/article4882600.ece

 

US and Russia swap spies

In a plot that reads more and more like a John le Carré novel, it emerged this morning that there are negotiations taking place over whether to swap the 10 alleged Russian spies arrested in America last week.

The US State Department arrested 10 individuals in New York state, all suspected of infiltrating US policy-making bodies on behalf of the Kremlin. An 11th suspect fled to Europe and absconded in Cyprus.

The plan now is to swap these ‘deep cover’ moles with Americans arrested by the FSK (the successor organization to the KGB) over the last decade.

Michael Farbiarz, the assistant US attorney, announced that he had almost a decade’s worth of video and audio surveillance records of meetings between Russian government officials and some of the alleged New York conspirators. They communicated via WiFi and traditional radio frequency transmitters for years and are also alleged to have encoded encrypted data into photographs which were then posted onto websites. This is like a modern version of the old ‘coded messages in newspapers’ that became a staple of cheap spy stories.