Spyware for smartphones
This morning a call came in from an associate. The voice quality was bad, so we said “You got a new smartphone! Blackberry or iPhone? As it happened, it was an iPhone.
Smartphones are handheld special-purpose computers that connect to the internet using one or another of the wireless broadband protocols. The phone part generally gives the impression of having been thrown in as an afterthought, so that many people carry a Blackberry for e-mail and a mobile phone for making calls, or an iPhone for the really cool things it does and a mobile phone for making calls. Those indifferent to voice quality, however, or those not wishing to carry two devices will often just use the smartphone to actually make calls.
The problem with this is not so much the voice quality – that is merely an annoyance for the person speaking with them – but the fact that these little computers using the Windows or Symbian OS (and, according to the ads, BlackBerry) are apparently very easily hacked. We do not know any smartphone user who has bothered to install anti-malware software, which is surprising considering that there sure is a lot of software designed to allow you to hack smartphones. You can look at http://utilities.flexispy.com/checkphones.jsp?p=0 to see one vendor’s list of phones they can compromise.
So, what can the spy do? Worst case listen in to every call you make, real- time, and get copies of your text and e-mail messages, as well as activate the phone to hear what is being said near it. For the iPhone, the worst that can be done that we have found is to get copies of all SMS, e-mail, GPS locations, and the logs of all phone calls made. We suspect that real-time listening to conversations are available now, or will be available soon.
The good news is that in order to hack your phone the hacker needs physical access to it. Installation of the malware is often done via Bluetooth, which means that the hacker has to link your device with his to make the transfer. The easiest way to prevent this is to make sure that nobody else ever has access to your smartphone. This issue of access is significant
Thus, as an example, if you were using two smartphones with encrypting software installed, you could make secure encrypted calls. But if you let them be out of your control for as little as under three minutes and the phones could be compromised, and the encryption meaningless – at least to the spy.
There are also clues as to your being tapped. In some cases your battery could be running down quicker than it should, because of all the extra transmission. In come cases the batteries will be warm, as often happens during long calls. You may notice increased GPRS or SMS activity on your bill. You phone might light up at odd times, when you are not doing anything with it. And it might make nearby loudspeakers buzz at randomly appearing times, much the way they would if you were actually making a call.