Kisses - A free spyware detector
Hi everyone,
I'd like to announce the release of Kisses - A BlackBerry hidden programs, hidden processes and spyware detector. Its a free tool that I develop to help users have protection from commercially available and unknown variants of spyware. How would the spyware have gotten onto your BlackBerry? You could have had it installed by someone you know who had physical access to your phone, or you could have had it piggy-back on another piece of software. A brief list of Kisses' features: Show all running processes on the BlackBerry - including system processes Show processes running on the BlackBerry that are not visible - excluding system processes Detect programs that are installed on the BlackBerry and are invisible in the Applications page Detect and remove FlexiSpy and MobileSpy commercial spyware For more information, please visit "kisses.zensay.com" on your browser. (Link in my signature) New versions will be added constantly and feature requests will be welcome. Thanks, Sheran |
Hi,
Aren't you also the developer of PhoneSnoop, the program that's written up here? Security Fix - DHS: PhoneSnoop app bugs BlackBerrys US-CERT Current Activity Does Kisses also detect your own spyware PhoneSnoop? I find it interesting that you developed both a spyware app and an anti-spyware app. Personally I would be reluctant to install an anti-spyware app developed by the same person who develops spyware. |
Yes, he is the one and same.
In this earlier thread here he takes credit for the development of the Phonesnoop spyware app. http://www.blackberryforums.com/bes-...rmissions.html |
Hello daphne,
Yes, I am the developer of PhoneSnoop. I think given the recent media coverage of PhoneSnoop, I'd have far more creative and discreet ways of infecting people with spyware than posting a spyware removal tool in a forum or two ;-) I thought Kisses did not need to detect the presence of PhoneSnoop because: 1. PhoneSnoop was a proof of concept 2. It is visible in your homescreen (distinct icon) and applications list 3. It can be easily removed because its not hidden 4. The incoming phonecall is not muted and you will hear it But given your concern, I think I will add this as a feature in my next release. Users can expect a release in about 10 to 12 hours. I presented the topic of BlackBerry spyware at the Hack In The Box security conference "hxxp://conference.hackinthebox.org" where I discussed many ways in which spyware can get on your phone. I released my toolkit Bugs and Kisses there as well. My intention was to raise awareness about the topic and provide users with a mechanism for protecting themselves. I value your concern for both yourself and your forum users. It is a very valid point. I am not pressuring anyone to install Kisses, I am merely announcing that a free solution is available - whether you choose to install it or not. Kind regards, Sheran |
So, Sheran, let me understand:
You developed Phonesnoop only as a "kindler and gentler" spyware app, in order to prove the possibility and viability of such spyware on BlackBerrys? |
JSanders,
I developed PhoneSnoop to raise awareness that there are companies out there like FlexiSpy and MobileSpy. They sell their software to the public. Thus, a motivated individual can purchase this software and proceed to spy on people he knows. How would a user know he's infected? He wouldn't unless he used a commercial or free spyware detection/removal tool. How would a user know how this spyware worked? Again he wouldn't unless he spent money on purchasing the spyware himself. IMHO, there is no point in releasing a spyware removal tool, unless you tell users how the spyware works and what it can do. Lots of the spyware removal products do not detail enough about how a piece of spyware works and what it does. I am hoping to change that by providing PoC tools. I feel that a demo has (and in this case it clearly had) a greater impact than reading a brochure or bullet point list of features. Kind regards, Sheran |
Quote:
|
Quote:
To remove any doubt, I will continue to host PhoneSnoop and release other PoC software as and when I develop them. My disclosure will be responsible, like I have done with PhoneSnoop. I will continue development on Kisses in parallel. |
I am not telling you what you should do. You said you developed it as a proof of concept and to raise awareness. Do you think you've accomplished those goals? Do you have other purposes for the app also? Do you plan to charge for it at some point?
|
Sheran, I can only think that if Norton or McAfee developed viruses (even "nice" ones) to raise awareness of the need for antivirus applications, you would be screaming.
I know I would. Unless you come up with a better gameplan, I call this the fox guarding the hen house, and that just doesn't fly. |
Quote:
|
I definitely agree with Daphne and JSanders on this one...
On a fundamental level, I am not sure I would trust a spyware detector created and distributed by the same guy that created spyware, even if that spyware was a "proof of concept". It's like Lilly's or Pfizer creating nasty bugs in the lab as "proof of concept" to sell more nasty bug fighting drugs. |
Quote:
I don't think PhoneSnoop can be compared to a virus, thus there is no point in drawing parallels to McAffee or Norton releasing their own virus. I'm not selling my spyware removal app. I will not charge for my app now or in the future. As I replied to @daphne, I will be updating my Kisses app to detect PhoneSnoop as well. This is so that users who aren't fully aware of what's happening on their phones can benefit as well. |
Quote:
Or is it the fact that its taboo for the same person to develop opposing types of applications? Is it that you don't trust me because I have less than 10 posts? Is it the fact that I don't release the source? How about the fact that I don't have a government agency certifying that my spyware detector is not malicious? I am honestly happy that yourself, @JSanders and @daphne are asking these questions. Because in the end, they go to highlight a fundamental point: How much can we trust something and on what do we base that level of trust? This sort of discussion is as valuable to me as it is to release a app or whitepaper. Thank you. |
The bottom line with BlackBerry devices is that they are easy to keep secure. BlackBerry Enterprise admins can lock down the devices so users can't install random apps, including spyware apps. Users can protect their own devices by locking them protection with a strong password, short time security time out, and limiting the password attempts. And by not installing unknown applications. The media is creating a fair amount of hype about BlackBerry spy software but I suspect the risk is pretty low in reality.
Also as far as I know, Flex-Spy and Mobile Spy do not work on pure CDMA devices. What about PhoneSnoop? Would it work on my old 8330? |
Quote:
Quote:
|
This is the reply I made on CrackBerry this morning, but they deleted this Kisses fool's thread. I just copy and pasted my reply as I believe it's valuable info. Sorry, I can not post links (so copy and paste obviously replacing the "xx" with "tt") as I'm new,:cry: but may post here more often as I now have an account here. This Kisses app just makes me mad as hell and I have to get my 2¢ in. I wish CrackBerry wouldn't have deleted this PhoneSnoopers thread as it's a valuable warning for some searching for info on these apps!
------------------- Something fishy when the developer of this PhoneSnoop hxxp://chirashi.zensay.com/2009/10/phonesnoop-turn-a-blackberry-into-a-portable-bug/ who in their own words describes this app with words like "victim" and "attacker". I could care less if PhoneSnoop was devolved to raise awareness; terrorist acts are committed to raise awareness! If you still want to install this "spyware detector" be forewarned...Kisses will not detect the developers own spyware PhoneSnoop. Here's an article I found by the Washington Post on PhoneSnoop: DHS: PhoneSnoop app bugs BlackBerrys. hxxp://voices.washingtonpost.com/securityfix/2009/10/dhs_warns_of_blackberry_snoopi.html?hpid=sec-tech The Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) is warning about PhoneSnoop... Quote:
Kisses of Death, Chris |
Quote:
Best of luck, "Super Spy", Chris |
Regarding this:
Quote:
If the authors of Zbot, the trojan that steals banking passwords, said they were trying to raise people's awareness about securing their computers, would that make it ok for them to infect your PC, steal your passwords, and drain your back account? |
sheran-g,
Question for you. On your page here ZenConsult Technology Consulting | Kisses - the spyware detector you are asking for donations to purchase Flexispy and MobileSpy. Quote:
Quote:
|
All times are GMT -5. The time now is 12:07 PM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.