October 29, 2009 09:17  by Kris Abel

Telus Blackberry Tour

It's a trick as old as the invention of the phone itself: take someone's handset and turn it into a listening device, allowing you to hear what the phone itself hears and spy on the oblivious owner. Symantec has released a report on a new version of this scheme, one that targets Blackberry users and centres on a malicious app with the name "Phonesnoop". Once activated, it allows the malicious individual to remotely connect to the victim's Blackberry and activate its speakerphone. The result is the same as if the person had planted a microphone on the victim: they can now listen in on everything happening within range of the phone. The good news is that the threat is only theoretical. There are no reports at this time that anyone has actually been targeted with such a trick, and the reality is that, in order for someone to plant this on your Blackberry, they'd have to have direct and physical access to your phone and you'd have to ignore the obvious signs.

According to Symantec, here are the steps needed for someone to plant "Phonesnoop" on your Blackberry:

1. The person would have to physically grab your phone and install the app onto it. In order to do this, they would also have to know your PIN.

2. To activate Phonesnoop, the malicious user has to place a call to your Blackberry, which will ring and display the incoming call. As the victim, you'd have to somehow not notice this.

3. Amongst the apps on your Blackberry, you will find a listing for "Phonesnoop". It's not hidden, and with a name like that you're unlikely to ignore it. If you discover it, there's nothing stopping you from uninstalling it. 

4. Once activated, the malicious user is connected to your phone as a normal call. If you look at your phone, you'll notice it's engaged in a call. There's nothing stealthy about this.

5. In order to work, the victim's Blackberry would have to allow special permissions, Key Injection and Phone Access, which you're unlikely to have changed from their normal settings.

6. Chances are, the network your Blackberry is running on has been configured to block this kind of misuse, and so even if someone were to fool you into allowing all of the above, the network itself can still foil it.

7. Finally, it's noted by Symantec that the audio quality that the malicious user is getting on their end is actually quite poor. Phones are designed to cancel external noise interference, focusing instead on your voice next to the receiver. As a spy microphone, they are a very poor choice.

In conclusion, Phonesnoop exists more as a novelty. In order to install it on another person's Blackberry you'd have to have direct, personal access to them as well as know a great deal about them already. In short, you already seem to be spying on them at such a level that you wouldn't need this trick. Secondly, as its reputation suggests, the Blackberry delivers a high level of security, and even when someone does go to great lengths to try to get your personal info, they can still be foiled easily.

The only real concern with Phonesnoop is that it was made with standard software, including Blackberry APIs. There was no great trick in its making, suggesting that there's room for a more ambitious, malicious person to come along and evolve it.

For now, it's of interest to hobbyists and geeks only.  
