Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

BBC News builds data-stealing app for iPhones

BBC demonstrates that smartphone spyware-ridden application are easy to make

Article comments

BBC news has created an application for smartphones that steals users’ data to demonstrate how “straightforward” it is to develop a malicious app.

With the help of security firm Veracode, BBC News designed a “crude” game that was able to collect contacts information, copy text messages, log the phone’s location and send it to a specified email address.

It took just a few weeks to create the spyware-ridden application, according to BBC technology correspondent Mark Ward, and the application was only downloaded onto a single handset and not launched in an application store.

BBC News built the application using standard parts from a common development software toolkit used to create programs for mobiles, and re-worked existing code.

“The end result was a program that does not look great but gets the job done.”

Ward said that the spyware used 250 lines of the 1,500 lines making up the application.

“All of the information-stealing elements of the spyware program were legitimate functions turned to a nefarious use,” Ward wrote.

Chris Wysopal, co-founder of Veracode, told the BBC: “That’s the scary thing.

“The face of the application, be it a game or a simple application that is for fun, can have behaviour that is not visible at the surface.”

According to the BBC, Apple vets all its applications and only admits into its App Store those that pass stringent commercial and coding tests.

Meanwhile, Google requires all Android applications to have an AndroidManifest.xml file in its root directory. Amongst other details, the manifest contains essential information about the application that the system must have before running the application’s code, and describes the components of the application, including its activities and services.

In addition, Google and Research In Motion (RIM) use a code-signing system to turn off malicious applications.

Although the BBC has demonstrated how easy it is to create a malicious application, Forrester has warned businesses to carefully review the pros and cons of developing an app, taking into consideration hidden development costs, before jumping on the app bandwagon.



Share:

More from Techworld

More relevant IT news

Comments

honkj said: uhhh and if BBC had submitted the app it would have been rejected which is the point wouldnt you think does BBC understand the difference



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *