BlackBerry ... not as safe as you thought?

Discerning thumbs are essential for BlackBerry users to keep away a new threat which can compromise the security of the popular smartphone. Well, that's according to Research In Motion's (RIM) Ian Robertson, senior manager of security and research.

Robertson was responding to the claims that BlackBerry-targeted spyware can steal secrets.

The latest version of spying software FlexiSPY enables remote third parties to bug voice calls, log SMSs and mobile e-mail messages and track the location of a BlackBerry user. What is even more scary is that the spyware can remotely turn on a phone's microphone to listen to a user's surrounds without a call even being made.

The potential for "misuse" is huge. An employer, say, would be able to keep track of every employee on the payroll without ever having to leave the office. He or she would know who staff members meet, what they talk about and where they are 24x7. No more sneaking off for job interviews on your employer's time, the boss can just switch on the microphone and listen in whenever they like.

So, is the BlackBerry vulnerable to security attacks or not? It depends who you ask.

Patrik Runald, senior security specialist with antivirus firm F-Secure, said: "This is the first [trojan] for a BlackBerry we have seen."

Robertson, on the other hand, claims that users don't need to be worried. His argument: "spyware" has to be consciously loaded onto the device, hence the need for discerning thumbs. Don't OK the installation of the spyware and you're safe. End of story, thanks for coming.

While that is certainly true -- the software does have to be consciously loaded onto the device -- such blind faith in users (particularly from a security specialist) is disconcerting.

If the industry has learned anything from the [malware] attacks on computers over the years it's that the weak point in any defence strategy is often the human factor.

For some time now security firms have been banging on about not clicking on links in e-mails or downloading applications that have not come from trusted sources. Has this education program stopped users from becoming the victims of phishing attempts? In a word ... no. The temptation for some users is just too great.

Security experts, mobile manufacturers and retailers need to devise a strategy now (at this relatively early stage in mobile development) to promote safe mobile communications, and to protect users from having their devices compromised.

A strategy which relies solely on a user having discerning thumbs is not a strategy, but simply a folly.

What do you think: can users be trusted? How serious is the mobile malware threat? Will the threat affect your decision to purchase or use a BlackBerry? E-mail me at scott.mckenzie@zdnet.com.au and give me your feedback.