TMCnet News
Commercially available FlexiSPY is first app to let users secretly monitor calls and SMS messages on a smartphone, leading anti-virus firm to label it malicious code and take action.(www.esecurityplanet.com Via Thomson Dialog NewsEdge) The first program to secretly monitor calls and SMS messages on mobile handsets has anti-virus companies up in arms. Finland s F-Secure even named FlexiSPY Light, from Thailand-based Vervata , a Symbian Trojan for S60 interface smartphones. Common in the PC world, FlexiSPY is the first spyware application for handsets. Vervata plans to add support for Research In Motion's BlackBerry wireless handhelds and Microsoft-based Pocket PC Phones shortly. Vervata describes FlexiSpy as a 'activity logger' for catching cheating spouses and monitoring children. It logs SMS messages, incoming and outgoing call history and durations, GPRS (data) activity, and contact information on a remote server for access later through a Web page. So not only does it raise questions about the ethical nature of spying, but there are concerns about the remote storage of personal information for people who don t know their data is being remotely stored as well. F-Secure is so concerned about FlexiSPY Light, the security vendor has designated the software SymbOS/Trojan-spy.Flexispy.A and added it to the definition file for its F-Secure Mobile Anti-Virus software. So if a phone is infected, the user is told they re being spied on. Vervata takes issue with F-secure adding FlexiSPY to its anti-virus sofware, asserting in a statement to The Register that the Trojan label was not justified and users could remove the application themselves. The user in question is the one who put FlexiSPY on the phone in the first place and not the one unknowingly carrying it on their handset, of course. "An uninstall option is provided for the user, so the application can be removed at any time. Configuration settings are also available to allow frequency of connections, thereby allowing the user to minimize network connections to once daily if required," according to Vervata. Victims - those being spied on - have no idea the software is running on their handset. F-Secure's Jarno Niemela writes on the company's blog, "This application installs itself without any kind of indication as to what it is. And when it is installed on the phone it completely hides itself from the user." The software has a hidden user interface that can only be accessed by the person who bought the $49.95 application and installed it on the phone. To F-Secure, that's enough to make FlexiSPY malicious code. But what if the software got into the wrong hands: it could get worse. A creator of malicious code could install FlexiSPY as part of malware payload. "Or a hacker could simply send it to a victim over Bluetooth and trust that there are enough curious people to install it," Niemela adds. Vervata counters by pointing out that its software is incapable of spreading automatically. "FlexiSPY is activity monitoring software that needs to be consciously installed by a human, who knows exactly what the software does. It does not self replicate, it does not pretend to be something it is not, and it always requires conscious human action for installation," the company told The Register . It adds, however, "Like any other monitoring software there may be a possibility for misuse, but there is nothing inherent in FlexiSPY that makes it illegal or malicious. F-Secure's comments categorising FlexiSPY as a Trojan are completely incorrect." Nonetheless, as F-Secure points out - and even Vervata readily cautions on its Web site - spying on personal phone conversations is illegal in most countries throughout the world. So when Vervata quotes a divorcee saying, "I finally figured out my wife was cheating on me with my brother. I had a bad feeling about this for over a year. After the divorce, my life is so much better now," you have to wonder exactly how many users would actually have the legal right to apply the software in that manner where they live. And how many already have? A more advanced version of Vervata's spyware application for smartphones, FlexiSpy Pro, is in the works; adding support for MMS and e-mail to the capabilities of the light product. Vervata also plans to provide remote monitoring of actual phone conversations as they're happening. Users who surreptitiously install FlexiSpy Pro will be able to specify a phone number from which they can call the smartphone without it ringing. The call activates the microphone on the phone enabling them to act like a 'fly on the wall' during conversations. This article was first published on PDAStreet.com . Internet.com Corp. Copyright 2003 Jupitermedia Corp. All rights reserved. Republication and redistribution of Jupitermeida Corp. content is Expressly prohibited without the prior written consent of Jupitermedia Corp.. Jupitermedia Corp., shall not be liable for any errors or delays in the Content, or for any actions taken in reliance thereon. |