We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

BBC creates malicious smartphone app

Broadcaster tests proof-of-concept malware

The BBC has created a malicious app for smartphones in a bid to prove just how easy it is for cybercriminals to build software to steal data from handsets.

The malicious app, which took the form of a "crude game", was created in conjunction with Chris Wysopal, co-founder of security firm Veracode, and used parts from a number of software toolkits freely available on the web to developers that want to create apps for smartphones.

It allowed the corporation to spy on the owner of the handset, tracking the user's locations and their contacts list. It was installed on just one handet and not released to the public.

Wysopal told the BBC it's difficult for app store providers, such as Google and Apple, to identify malicious apps because genuine apps also need to access contact lists and locations

"That's kind of the scary thing," he said.

"The face of the application, be it a game or a simple application that is for fun, can have behaviour that is not visible at the surface."

Wysopal said smartphones were now at the point the PC was in 1999, when malicious programs were simply a nuisance rather than a tool used to fraudulently obtain money.

"Mobile phones are really personal devices. You might have one computer for a family but every family member has a personal device and it is with them all the time."

Con Mallon from security firm Symantec said smartphones do pose a greater risk for the potential exploitation and invasion of an individual and their identity.

"The smartphone is a truly personal device. The fact that it also has a camera and a microphone provides two new vectors for hackers to exploit people," he said.

"There is an explosion in apps and Android is growing really fast, but who is vetting these apps? If you install an app on an Android device you are confronted with a number of screens pointing out that the app will have access to your smartphone. People do not understand what is going on and, for the moment, they don't really care."

Smartphone owners were advised to identify the developer of the apps before they download them, as well as backing-up their handset to a PC and monitoring their bills.

See also: Free BlackBerry handsets may contain spyware

IDG UK Sites

Apple promises developers better stability, performance for Swift

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...