Spy software for mobile to become more broadly obtainable

By Dave Nixon

Spying programs for mobile phones are expected to develop in sophistication according to a top mobile analyst.

Lots of the spy programs on the market are potent, but aren’t very refined code, said Jarno Niemela, a senior anti-virus researchers for Finnish security vendor F-Secure, speaking at the Black Hat security conference in Las Vegas.

But there is rising evidence that money from selling the tools will generate a stronger incentive for more skillful programmers to get into the game, which could make the programs harder to distinguish, Niemela said.

Niemela said his forecast follows what has happened with the malware writers in the PC market. Many hackers are now in the business of selling easy-to-use tools to less technical hackers before hacking into PCs themselves.

One of the latest tools on the market is Mobile SpySuite, which Niemela believes is the first spy tool generator for mobiles. It sells for US$12,500 (£6,220) and would allow a hacker to custom-build a spy tool aimed at several models of Nokia phones, Niemela said.

The quantity of mobile spyware programs pales in contrast to the number of such programs available for PCs. Nonetheless, mobile spying programs are harder to follow, since security companies such as F-Secure don’t see as many samples circulating on the Internet as they do of malicious software for PCs.

Subjective evidence has emerged that enterprises may be more and more encountering mobile spyware on their fleets of phones. The suspicions have come from companies that are relatively guarded when talking about what they have seen.

“There have been certain cases of corporate customers asking very detailed questions about spy tools and not mentioning why they need the information,” Niemela said.

Some of the more renowned spy programs are Neo-cal land FlexiSpy. Neo-call is competent of secretly forwarding SMS text messages to another phone, transmitting a list of phone numbers called, and logging keystrokes. FlexiSpy has a tidy, web-based interface that shows details of call times, numbers and SMSes, and it can even use a phone’s GPS receiver to pinpoint the victim’s location.

Hackers typically need to have access to the phone itself to install the software. And OS manufacturers such as Symbian have enabled security features such as application signing, which is intended to thwart rogue programs from being installed on a phone.

Most rogue spying programs leave traces on the phone, and analysis tools can be used to check a phone’s processes and file system to see if something is there that shouldn’t be, Niemela said.

However there are ways that less technical users can get a hint they’ve been hacked. One straightforward clue is if a colleague of the victim knows something that they shouldn’t, Niemela said.

Also, mobile spying programs have to transmit their data. If the spy program sends data over GPRS, the network operator will demand payment. “As long as it has to use a paid channel, it can not escape the operator’s bill,” Niemela said.

An additional way is to replace the phone’s SIM card with one that allows for real-time monitoring. SMSes can then be sent to the phone, which in many countries are free to receive. If the monitoring reveals outgoing data traffic after SMSes are received, the phone could be hacked. It’s also possible to check if the GPRS connection icon lights up after a message is received, Niemela said.

Niemela offered some resistance against mobile spyware: Keep the OS up to date, as manufacturers are usually working to counter new devious software. The use of a mobile anti-virus program is also sensible, he said. People should also use password protection to block access if someone gets a hold of the device.

Administrators can also regularly “flash” phones to wipe off malware, as well as ensuring that phones only install signed applications.