By Jeremy Kirk
IDG News Service
Spying programs for mobile phones are likely to grow in sophistication
and stealth as the business around selling the tools grows, according to
a mobile analyst at the Black Hat conference on Friday.
Many of the spy programs on the market are powerful, but aren't very
sophisticated code, said Jarno Niemela, a senior antivirus researcher
for Finnish security vendor F-Secure, which makes security products for
PCs and mobile phones.
But there is increasing evidence that money from selling the tools will
create a stronger incentive for more accomplished programmers to get
into the game, which could make the programs harder to detect, Niemela
Niemela said his prediction follows what has happened with the malware
writers in the PC market. Many hackers are now in the business of
selling easy-to-use tools to less technical hackers rather than hacking
into PCs themselves.
One of the latest tools on the market is Mobile SpySuite, which Niemela
believes is the first spy tool generator for mobiles. It sells for
US$12,500 and would let a hacker custom-build a spy tool aimed at
several models of Nokia phones, Niemela said.
The number of mobile spyware programs pales in comparison to the number
of such programs available for PCs. However, mobile spying programs are
harder to track, since security companies such as F-Secure don't see as
many samples circulating on the Internet as they do of malicious
software for PCs.
Anecdotal evidence has emerged that enterprises may be increasingly
encountering mobile spyware on their fleets of phones. The clues have
come from companies that are relatively cagey when talking about what
they have seen.
"There have been certain cases of corporate customers asking very
detailed questions about spy tools and not mentioning why they need the
information," Niemela said.
Some of the more well-known spy programs are Neo-call and FlexiSpy.
Neo-call is capable of secretly forwarding SMS (Short Message Service)
text messages to another phone, transmitting a list of phone numbers
called, and logging keystrokes. FlexiSpy has a neat, Web-based interface
that shows details of call times, numbers and SMSes, and it can even use
a phone's GPS (Global Positioning System) receiver to pinpoint the
Hackers usually need to have access to the phone itself to install the
software. And OS manufacturers such as Symbian have enabled security
features such as application signing, which is intended to prevent rogue
programs from being installed on a phone.
Most rogue spying programs leave traces on the phone, and analysis tools
can be used to check a phone's processes and file system to see if
something is there that shouldn't be, Niemela said.
But there are ways that less technical users can get a hint they've been
hacked. One simple clue is if a colleague of the victim knows something
that they shouldn't, Niemela said.
Also, mobile spying programs have to transmit their data. If the spy
program sends data over GPRS (General Packet Radio Service), the network
operator will demand payment. "As long as it has to use a paid channel,
it can not escape the operator's bill," Niemela said.
Another way is to replace the phone's SIM card with one that allows for
real-time monitoring. SMSes can then be sent to the phone, which in many
countries are free to receive. If the monitoring reveals outgoing data
traffic after SMSes are received, the phone could be hacked. It's also
possible to check if the GPRS connection icon lights up after a message
is received, Niemela said.
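The SMS-then-traffic check described above can be run over records exported from real-time monitoring. The following Python code is an added example, not from Niemela's talk or from F-Secure; the record format, the 60-second window and the 50 percent threshold are assumptions, and the sample records are constructed.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed: how soon after an SMS traffic counts
THRESHOLD = 0.5                  # assumed: share of test SMSes that raises a flag

# Constructed sample records: times test SMSes reached the phone, and
# outgoing data sessions as (start time, bytes sent) from the monitoring SIM.
SMS_RECEIVED = ["2024-01-01 10:00:00", "2024-01-01 11:30:00",
                "2024-01-01 13:15:00", "2024-01-01 15:45:00"]
DATA_SESSIONS = [("2024-01-01 09:59:50", 300),    # before any test SMS
                 ("2024-01-01 10:00:12", 1840),
                 ("2024-01-01 11:30:09", 1795),
                 ("2024-01-01 12:02:00", 52000),  # unrelated background use
                 ("2024-01-01 15:45:20", 1910)]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def correlate(sms_times, sessions, window=WINDOW):
    """Map each SMS time to the outgoing sessions that started within
    `window` after it. Sessions outside every window are ignored."""
    sms = sorted(parse(t) for t in sms_times)
    hits = {}
    for start, sent in sessions:
        t = parse(start)
        i = bisect_right(sms, t) - 1          # latest SMS at or before t
        if i >= 0 and sent > 0 and t - sms[i] <= window:
            hits.setdefault(sms[i], []).append((t, sent))
    return hits

def report(sms_times, sessions, window=WINDOW, threshold=THRESHOLD):
    """Summarise how often a received SMS was followed by outgoing data."""
    hits = correlate(sms_times, sessions, window)
    matched = sum(len(v) for v in hits.values())
    ratio = len(hits) / len(sms_times) if sms_times else 0.0
    return {"sms_sent": len(sms_times),
            "sms_followed": len(hits),
            "ratio": ratio,
            "unrelated_sessions": len(sessions) - matched,
            "flag": ratio >= threshold}

if __name__ == "__main__":
    print(report(SMS_RECEIVED, DATA_SESSIONS))
```

A single match proves little, since ordinary applications also generate traffic; repeating the test SMS at irregular times and comparing against the unrelated-session count gives a more reliable signal.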
Niemela offered some defenses against mobile spyware: Keep the OS up to
date, as manufacturers are usually working to counter new devious
software. The use of a mobile antivirus program is also prudent, he
said. People should also use password protection to block access if
someone gets a hold of the device.
Administrators can also regularly "flash" phones to wipe off malware, as
well as ensuring that phones only install signed applications.
And when the phone is out of a person's hands, another option is to put
the device in a tamper-proof container. But "for most people, this is
way too James Bond," Niemela said.