[ISN] BLACK HAT - Analyst: Money will fuel mobile spying programs

From: InfoSec News (alerts@private)
Date: Sun Mar 30 2008 - 22:18:41 PST


http://www.pcworld.idg.com.au/index.php/id;1126249158

By Jeremy Kirk 
IDG News Service
31/03/2008 

Spying programs for mobile phones are likely to grow in sophistication 
and stealth as the business around selling the tools grows, according to 
a mobile analyst at the Black Hat conference on Friday.

Many of the spy programs on the market are powerful, but aren't very 
sophisticated code, said Jarno Niemela, a senior antivirus researcher 
for Finnish security vendor F-Secure, which makes security products for 
PCs and mobile phones.

But there is increasing evidence that money from selling the tools will 
create a stronger incentive for more accomplished programmers to get 
into the game, which could make the programs harder to detect, Niemela 
said.

Niemela said his prediction follows what has happened with the malware 
writers in the PC market. Many hackers are now in the business of 
selling easy-to-use tools to less technical hackers rather than hacking 
into PCs themselves.

One of the latest tools on the market is Mobile SpySuite, which Niemela 
believes is the first spy tool generator for mobiles. It sells for 
US$12,500 and would let a hacker custom-build a spy tool aimed at 
several models of Nokia phones, Niemela said.

The number of mobile spyware programs pales in comparison to the number 
of such programs available for PCs. However, mobile spying programs are 
harder to track, since security companies such as F-Secure don't see as 
many samples circulating on the Internet as they do of malicious 
software for PCs.

Anecdotal evidence has emerged that enterprises may be increasingly 
encountering mobile spyware on their fleets of phones. The clues have 
come from companies that are relatively cagey when talking about what 
they have seen.

"There have been certain cases of corporate customers asking very 
detailed questions about spy tools and not mentioning why they need the 
information," Niemela said.

Some of the more well-known spy programs are Neo-call and FlexiSpy. 
Neo-call is capable of secretly forwarding SMS (Short Message Service) 
text messages to another phone, transmitting a list of phone numbers 
called, and logging keystrokes. FlexiSpy has a neat, Web-based interface 
that shows details of call times, numbers and SMSes, and it can even use 
a phone's GPS (Global Positioning System) receiver to pinpoint the 
victim's location.

Hackers usually need to have access to the phone itself to install the 
software. And OS manufacturers such as Symbian have enabled security 
features such as application signing, which is intended to prevent rogue 
programs from being installed on a phone.

Most rogue spying programs leave traces on the phone, and analysis tools 
can be used to check a phone's processes and file system to see if 
something is there that shouldn't be, Niemela said.

But there are ways that less technical users can get a hint they've been 
hacked. One simple clue is if a colleague of the victim knows something 
that they shouldn't, Niemela said.

Also, mobile spying programs have to transmit their data. If the spy 
program sends data over GPRS (General Packet Radio Service), the network 
operator will demand payment. "As long as it has to use a paid channel, 
it can not escape the operator's bill," Niemela said.

Another way is to replace the phone's SIM card with one that allows for 
real-time monitoring. SMSes can then be sent to the phone, which in many 
countries are free to receive. If the monitoring reveals outgoing data 
traffic after SMSes are received, the phone could be hacked. It's also 
possible to check if the GPRS connection icon lights up after a message 
is received, Niemela said.
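
The check described above, correlating received SMSes with outgoing 
GPRS traffic, can be automated over a monitoring log. The following is 
an added example, not code from the article or from F-Secure; the log 
format, the 30-second window and the thresholds are assumptions chosen 
for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log from a monitoring SIM: time, event, bytes sent.
SAMPLE_LOG = """\
2008-03-28T10:00:05 SMS_IN 0
2008-03-28T10:00:12 GPRS_OUT 412
2008-03-28T10:30:00 SMS_IN 0
2008-03-28T10:30:09 GPRS_OUT 398
2008-03-28T11:15:40 GPRS_OUT 15200
2008-03-28T12:00:00 SMS_IN 0
2008-03-28T12:00:07 GPRS_OUT 405
2008-03-28T13:00:00 SMS_IN 0
"""

def parse_log(text):
    """Turn 'timestamp kind bytes' lines into sorted (time, kind, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, kind, size = line.split()
            events.append((datetime.fromisoformat(ts), kind, int(size)))
    return sorted(events)

def correlate(events, window_s=30):
    """Pair each received SMS with the first outgoing transfer inside the window."""
    window = timedelta(seconds=window_s)
    sms_times = [t for t, kind, _ in events if kind == "SMS_IN"]
    data = [(t, n) for t, kind, n in events if kind == "GPRS_OUT"]
    hits = []
    for sms in sms_times:
        for t, n in data:
            if sms < t <= sms + window:
                hits.append((sms, t, n))
                break
    return hits, len(sms_times)

def assess(text, window_s=30, min_ratio=0.5, min_sms=3):
    """Flag the phone when most test SMSes are followed by outgoing data."""
    hits, total = correlate(parse_log(text), window_s)
    ratio = len(hits) / total if total else 0.0
    # Assumed thresholds: require several test messages before judging.
    return {"sms": total, "followed_by_data": len(hits), "ratio": ratio,
            "suspicious": total >= min_sms and ratio >= min_ratio}

if __name__ == "__main__":
    print(assess(SAMPLE_LOG))
```

A single match proves little, since ordinary applications also send 
data; the ratio over several test messages is what makes the signal useful.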

Niemela offered some defenses against mobile spyware: Keep the OS up to 
date, as manufacturers are usually working to counter new devious 
software. The use of a mobile antivirus program is also prudent, he 
said. People should also use password protection to block access if 
someone gets a hold of the device.

Administrators can also regularly "flash" phones to wipe off malware, as 
well as ensuring that phones only install signed applications.

And when the phone is out of a person's hands, another option is to put 
the device in a tamper-proof container. But "for most people, this is 
way too James Bond," Niemela said.

