NEWS FROM THE LAB - Thursday, August 31, 2006

Mobile Spy Tool (With Video) Posted by Jarno @ 08:30 GMT

Let's suppose you have a keylogger installed on "your" computer. Would you mind? There are a number of factors to consider: who is the owner of the computer, where is it physically located, and what are the local laws in effect? If it's at work and provided to you by your employer in a country with no laws against it, then you might mind — but there's nothing you can do about it. However, if we were speaking of your personal computer located in your own home — then of course you would mind. You might even be outraged.

How about your phone?

For the last several weeks we've been researching monitoring tools and spy applications that run on the Symbian OS as well as on other mobile phone platforms. And what we have discovered is rather interesting.

We originally thought that such software would still be a rather limited phenomenon and that there would be only a couple vendors making spy tools for smartphones. But it turns out that there's quite a cottage industry that has been lying low and by and large has been able to escape attention. We found that there are several vendors either making software for Symbian smartphones or are making hardware-modified versions of just about any phone available. All phones and software we found provided a rather similar set of features.

A typical feature set includes SMS forwarding, SMS and voice call log information, remote listening, covert conference calling, and some even include localization services. This basically means that if the victim has a full-featured spy application installed on their phone, they have no privacy whatsoever and that the one controlling the software has access to all of the information that the phone has.

The spy software vendors state that their software should be used only in accordance of local laws. And that a typical application for such tools is to keep track of your spouse (in order to catch possible cheating), or to monitor your children, or just to keep track of your own phone use.

But of course the vendors take no responsibility for how their software is actually used, and in many countries such monitoring is viewed as gross violation of personal privacy and can end up in a jail sentence. And these tools have darker uses such as industrial espionage, identity theft, or stalking.

Play Acallno Demo

In this video (WMV) (XviD) we demonstrate the use of one of the monitoring programs that we are investigating - Acallno.A. It's an SMS spying tool that forwards all sent or received messages to an additional number configured by the individual who installed it on the target phone.

We have added the detection of Acallno.A into F-Secure Mobile Anti-Virus as spyware. Acallno.A is a pseudonym for the real software name. We are in the business of informing our customers of what is running on their phone, not promoting commercial spy utilities.

Acallno.A is limited by the target device's IMEI code, so you have to have familiar access to the phone and cannot just sneak it onto just anyone's phone. And it cannot be just included into a trojan or other method of mass installation.

As monitoring tools are not always illegal, and there might be legal uses for Acallno.A or any other such software, it is possible for users to release the detected spyware so that Anti-Virus allows for its use. If you really want to do that, then please consult the product documentation.