BBC creates 'malware' app for smartphones

BBC delves into the malware market
BBC delves into the malware market

The BBC has revealed it has created a malware-ridden app for smartphones, which crimps the location and passwords details of whoever uses it.

The app, which was only made for use on one unnamed smartphone, was never released to the public but was created using regularly available software toolkits.

To create the malicious app, the BBC was helped by Chris Wysopal, co-founder and technology head at security firm Veracode.

Speaking about the experiment, Simeon Coney, from AdaptiveMobile, said: "In the PC domain the only way a criminal can generally take money from a user is by having them click on a web link, go to a website, purchase a product and enter their credit card details.

"In a mobile network the device is intrinsically linked to a payment plan, to a user's credit.

"Nothing happens on a mobile network, no call is made or text is sent, without money changing hands."

App woes

The piece of malware was hidden in a "crude game". Personally, we have had a lot of fun playing noughts and crosses but we get where the BBC is going with this, and it does highlight potential problems of what could happen when Joe Public starts creating its own apps.

Which is exactly what will be happening soon, when Google's App Inventor gathers more steam.

This isn't the first time that the BBC has caused tech controversy. Back in March 2009, the Beeb created a botnet as an 'experiment' and infected a number of computers with it.

This is something which riled a number of security experts, including Sophos' Graham Clule who told TechRadar that it was unjustifiable.


Marc Chacksfield

Marc Chacksfield is the Editor In Chief, at DC Thomson. He started out life as a movie writer for numerous (now defunct) magazines and soon found himself online - editing a gaggle of gadget sites, including TechRadar, Digital Camera World and Tom's Guide UK. At Shortlist you'll find him mostly writing about movies and tech, so no change there then.