Flashback: Hidden Spy Tools, Like Bugs in Cell Phones and Other Appliances, are Tracking You
Malware, four short lines of computer code hidden among millions of lines of computer programming language that run your cell phone and all its applications, can allow someone to spy on you using your cell phone, and you will have no idea it's even happening. These four lines of instructions hide a program that allows the person who installed it on your phone to take every bit of information from your cell phone: your pictures, your personal addresses, your data, etc. The spyware is a lurking danger that turns your cell phone into a secret listening device, an instrument used to spy against you. The spyware also allows someone to listen in on cell phone calls in real time, as they are happening, and allows someone to track your movements in real time. Even with your cell phone turned off, investigators could still dial in and listen to the conversation while standing several miles away. Your cell phone becomes a monitor of you and the use of your phone. As cell phones are getting more advanced, so is the spyware: for example, there's an exploit that allows someone to say 'open up that video camera and let me record everything happening right now.'Mobile phones are becoming a bigger part of our lives, and we could start using them as combined diaries and wallets. Among other things, the next generation of cell phones will be used to keep tabs on our health, store cash and make transactions. By next year about 1 in 3 new smartphones will have accelerometers; pressure sensors and gyroscopes will follow, and soon your handset may keep tabs on your health and pay your bills too. Your phone could act as a wellness diary, and start to integrate data with the primary health records kept by your doctor.
These changes could well be exploited in much the same way that email and the internet can be used to "phish" for personal information such as bank details. M-commerce, in which phones are used to transfer money or pay for shopping, is already expanding rapidly. Phones with built-in fingerprint scanners are already on the market, and Sharp has experimented with face recognition on handsets, though hackers have recently shown that face recognition is easily defeated with just a photograph.Meanwhile, Apple is thought to be considering adding biometric security measures, such as a fingerprint scanner, to future iPhones.
Cell Phone Spy Dangers
June 20, 2010CBS4, Miami - A CBS4 I-Team investigation into your safety and security raises troubling questions about your cell phone and how it might be used against you. We're not talking about how a cell phone and its records could be used in a court of law, although that's a possibility too, but how it can be used as a tool to spy on your life by people meant to do you harm.
What's worse, the technology is so advanced that experts say people can spy on you using your cell phone and you will have no idea it's even happening.
I-Team investigator Stephen Stock spent the last six months researching how this technology works.
Talking, texting and tweeting you see it all the time.
If they appear to be everywhere, the US Census bureau says they truly are. In a nation of 309 million people officials estimate there are as many as 200 million cell phones.
The majority of Americans use all these cell phones to talk, text or tweet.
But all this high tech communication hides a dark and troubling danger.
"I don't think the general public is aware how insidious this can be," said private investigator and cell phone spyware expert Tim Wilcox.Wilcox owns and runs one of the premier private investigative companies in the country, International Investigators, Inc. International Investigators does a lot of things. But one of the company's specialties and expertise is uncovering and exposing hidden spy tools like bugs in cell phones and other appliances.
Click here to go to the International Investigators' website.
"It takes about 90 seconds to download the spyware, and you're in business," said Wilcox of some versions of this software that can be loaded onto someone's cell phone.The spyware is a lurking danger that turns your cell phone into a secret listening device, an instrument used to spy against you. Worse yet, you'll likely never know it is on your phone.
"There could be anywhere from three to five or six million cell phones that are infected with spyware (at any one time)," said Wilcox.This spyware, otherwise called malware, can be found through a simple search on the Internet. The software can be loaded onto your phone in a matter of minutes or even seconds. Once it is on your phone and operating, it can turn your cell phone against you.
"I put $70 malware onto a phone (for demonstration) through blue tooth and then onto this computer," said Daniel Smith, an expert in uncovering and defeating this type of spyware.Smith, a recent graduate of Purdue University's College of Technology, is an expert at finding and getting rid of malware on all kinds of computers and cell phones. Smith works for International Investigators, Inc. And he travels the country investigating complaints of people who believe their cell phones are being used to spy on them.
"That's the file name that's controlling my phone," Smith said as he showed the I-Team a small piece of computer code, four short lines, hidden among millions of lines of computer programming language that run his cell phone and all its applications.Smith demonstrated for the CBS4 I-Team how easy it can be to install and listen in, and how hard it is to detect that the malware is even present.
"This is what we're looking for?" asked I-Team investigator Stephen Stock pointing to the computer screen. "Four lines of code?"These four lines of instructions hide a program that allows the person who installed it on your phone to take every bit of information from your cell phone, your pictures, your personal addresses, your data, your life.
"Four lines of code," said Smith. "That is the file in the computer, the spyware."
"Now you have a list of everything that's on my phone," said Smith as he showed how the spyware quickly downloaded everything from his cell phone for the I-Team to view on another, disconnected computer.To find out exactly how this all works, the CBS4 I-Team bought and installed several versions of spyware on anchor Jawan Strader's blackberry. We did all of this with his knowledge and participation.
During the installation and running of some versions of the software, the I-Team ran into several glitches. Sometimes the software allowed us to "spy" and sometimes it didn't.
The I-Team discovered this type of spyware doesn't always work on all cell phones. The older and less sophisticated the phone, apparently the harder it is to use them to "spy."
But once the I-Team got the software working, the capability was scary. The I-Team could read all of Jawan's e-mails. The I-Team read all of his text messages. I-Team investigator Stephen Stock also got alerts on his cell phone every time Jawan got a call, an e-mail or a text. That way Stock could monitor Jawan's incoming communication at all times.
And even though Jawan met meeting behind closed doors with news director Cesar Aldama and assistant news director Nick Bourne, even with the blackberry turned off, investigator Stock could still dial in and listen to the conversation while standing several miles away.
And the closed-door meetings' participants would never have known that Stock was listening had the I-Team not told them. Remember the cell phone was off. Despite that, Stock was able to use the spyware to dial in and listen using the Blackberry's speaker feature. Experts say that same thing can be done using a cell phone's camera feature.
The spyware also allows someone to listen in on cell phone calls in real time, as they are happening.
The I-Team also used the spyware to track our expert, Daniel Smith's, movements in real time. All while he was in Indiana, as the I-Team sat in Miami.
All of this is illegal in the United States without a court warrant. However, this spyware software is sold on the Internet by offshore companies.
Our experts say as many as 5 to 6% of all cell phones in the US may have once had or now have this spyware on them.
"This is a stack of the complaints we get from people worried about their phones being infected with spyware," said Tim Wilcox as he showed the I-Team a thick folder filled with e-mails and letters from people complaining that someone apparently is spying on them.To learn more about the risks associated with spyware on your cell phone, the I-Team also traveled to Purdue University in West Lafayette, Indiana, to talk to one of the world's experts on cyber-security, Richard Mislan.
"And you get three or four of these a week?" asked I-Team investigator Stock.
"We get three to four every day," replied Wilcox.
"It (the cell phone) becomes a monitor of you and the use of your phone," said Mislan, Assistant Professor at Purdue's College of Technology.For more on Purdue's College of Technology's click here.
Assistant Professor Mislan also serves on the FBI's Cyber Crimes Task Force, is Editor of Small Scale Digital Device Forensics Journal, and is director of Mobile Forensics World.
Mislan and his students at Purdue's College of Technology research just about anything you can think of when it comes to cell phones.
Mislan says ability of the spyware technology to spy is limited only by your phone's capabilities.
"The phones are getting more advanced," said Mislan. "And so -- say we added a video at this point or a video camera option on this phone. Well maybe now there's an exploit that allows me to say 'open up that video camera and let me record everything happening right now.'"Mislan's office is filled with old, used phones used in his research. Some of the old phones date back to the beginning of cell phones. Others are the most advanced, high tech mobile tools on the market.
Mislan said he worries that the public and even government regulators don't realize the safety and security risks this spyware poses to the public.
"Eventually something is going to happen for us to really step back (and assess and do something about this)," said Mislan.While he doesn't like to talk about his clients, and said there are things he is prohibited from saying, research papers published by Mislan show he and his team have done work for the CIA, the FBI, the National Security Agency and military intelligence.
As for the risk to the public posed by this technology, Mislan speaks freely and unequivocally.
"The more high profile phones you go, the smarter they are, the more data that can be exploited," said Mislan.In fact, the federal government is using this technology to check out American citizens without a warrant.
The I-Team learned of a half dozen cases across the country in states as varied as New Jersey, West Virginia, Maryland, Texas, New York and Pennsylvania, where federal magistrates were asked to throw out cases because federal agents had tracked people in real time through their cell phone. In these cases, the cell phone monitoring took place without a hearing, without a warrant without even legal probable cause.
One of the cases has now gone to a Federal Court of Appeals in Pennsylvania.
"It's an incredibly intrusive thing for the government to be able to track you," said Jay Stanley of the American Civil Liberties Union.Stanley heads the technology and liberty program at the American Civil Liberties headquarters in Washington, D.C. The ACLU has joined some of the court cases listed above in fighting some of the federal prosecutors' actions.
"It's not that hard if you're a bad guy then they can get a warrant on you. If you're not a bad guy then why do they want to track you?" said Stanley.Stanley, the ACLU and the Electronic Frontier Foundation have joined efforts in at least two federal cases trying to stop this use of spying on citizens through cell phones without a court order.
"The government is trying to claim they should be able to get location information about your phone both where you've been in the past and also in some cases tracking you in real time without going through the Fourth Amendment," said Stanley. "And without showing a probable cause that you're involved in wrongdoing and getting a warrant."Click here for a link to the Electronic Frontier's Foundation and a listing of the cases in question.
So far, in all but one case the federal magistrates, judges, even an appeals court, have ruled against the federal investigators and for requiring proof of probable cause.
"If I told somebody back in 1975, 'You know what, in 30 years every American practically is going to be carrying a tracking device with them that tells the government everywhere they go live and in real time,'" said Stanley. "That person would have said I guess that means the Soviet Union is going to win the Cold War."Uncovering The Threat Of Cell Phone Spyware
The Pocket Spy: Will Your Smartphone Rat You Out?
October 14, 2009NewScientist - ... A decade ago, our phones' memories could just about handle text messages and a contacts book. These days, the latest smartphones incorporate GPS, Wi-Fi connectivity and motion sensors. They automatically download your emails and appointments from your office computer, and come with the ability to track other individuals in your immediate vicinity. And there's a lot more to come. Among other things, you could be using the next generation of phones to keep tabs on your health, store cash and make small transactions -- something that's already happening in east Asia (see "Future Phones" below).
These changes could well be exploited in much the same way that email and the internet can be used to "phish" for personal information such as bank details. Indeed, some phone-related scams are already emerging, including one that uses reprogrammed cellphones to intercept passwords for other people's online bank accounts.
"Mobile phones are becoming a bigger part of our lives," says Andy Jones, head of information security research at British Telecommunications. "We trust and rely on them more. And as we rely on them more, the potential for fraud has got to increase."So just how secure is the data we store on our phones? If we are starting to use them as combined diaries and wallets, what happens if we lose them or they are stolen? And what if we simply trade in our phones for recycling?
According to the UK government's Design and Technology Alliance Against Crime (DTAAC), 80 per cent of us carry information on our handsets that could be used to commit fraud -- and about 16 per cent of us keep our bank details on our phones. I thought my Nokia N96 would hold few surprises, though, since I had only been using it for a few weeks when I submitted it to DiskLabs. Yet their analysts proved me wrong ...
In February, Google launched Latitude, networking software for smartphones that shares your location with friends. It can be turned off, but campaign group Privacy International is concerned by Latitude's complex settings and says it is possible the program could broadcast your location to others without your knowledge.
"Latitude could be a gift to stalkers, prying employers, jealous partners and obsessive friends," the organisation warns.A phone-based calendar could also leave you vulnerable. Police in the UK have already identified burglaries that were committed after the thief stole a phone and then targeted the individual's home because their calendar said they were away on holiday, says Joe McGeehan, head of Toshiba's research lab in Europe and leader of DTAAC's Design Out Crime project, which recently set UK designers the challenge of trying to make cellphones less attractive to people like hackers and identity thieves.
"It's largely opportunistic, but if you've got all your personal information on there, like bank details, social security details and credit card information, then you're really asking for someone to 'become' you, or rob you, or invade your corporate life," McGeehan says ...Future Phones
By next year about 1 in 3 new smartphones will have accelerometers. Pressure sensors and gyroscopes will follow, and soon your handset may keep tabs on your health and pay your bills too.
For example, Nokia is experimenting with adding biosensors capable of monitoring heart and breathing rates, as well as glucose and oxygen levels in the blood.
"Your phone could act as a wellness diary, and start to integrate data with the primary health records kept by your doctor," says Marc Bailey, a researcher at the Nokia Research Centre in Cambridge, UK.Meanwhile mobile commerce, or M-commerce, in which phones are used to transfer money or pay for shopping, is already expanding rapidly. Cellphone users in Japan can buy train or airline tickets with their handset, while people in Afghanistan, the Philippines and east Africa can use their handsets to transfer money to each other.
"M-commerce is coming, and the expectation is that it will become prevalent in the UK and other European countries within four years," says Joe McGeehan, head of Toshiba's research lab in Europe.To counter this, manufacturers are developing more secure ways of encrypting data on handsets. According to Nokia, users will be able to alter security settings depending on how much data they want available at any one time. Phones with built-in fingerprint scanners are already on the market, and Sharp has experimented with face recognition on handsets, though hackers have recently shown that face recognition is easily defeated with just a photograph.Though these developments should bring many benefits, security is expected to become a problem. "As soon as you put money on anything, criminals become more interested in it," says McGeehan.
Meanwhile, Apple is thought to be considering adding biometric security measures, such as a fingerprint scanner, to future iPhones. However effective these security features are, though, they will only work when turned on.
Phone Security Q & A If I delete a message or photo on my phone will it disappear completely?
Data often remains on a phone's memory chip until it is overwritten. Phones also create extra copies that are spread around its memory. It is possible to overwrite files by copying new data onto the phone. Commercial software will "zero fill" a memory or SIM card to overwrite it.
Where do recycled handsets end up?
According to Andy Jones, a security specialist at British Telecommunications, the main markets for recycled phones are Nigeria and China, "both of which are regarded as areas posing a high threat to the security of information."
What if I smash up my SIM card?
Forensic analysts can often recreate SIM cards using the data that's stored on the handset. How much information they can retrieve depends on the phone model. It is also possible to stick a damaged SIM card back together and then extract its data.
Can my movements be tracked, even if I don't have GPS on my phone?
A technique called cell site analysis can be used to track someone to within 10 to 15 metres, using cellphone masts to triangulate their position. GPS can give more detailed information, such as your altitude or the speed you are travelling at.
Can my handset be used to spy on me?
If someone can get direct access to your handset, they can install software that lets them listen to conversations and monitor text messages without your knowledge. Without direct access, they can still monitor your phone usage remotely, but not eavesdrop on your conversations. It is also possible to send text messages that look like they come from someone else -- a technique called SMS spoofing. This makes it possible to upload messages to someone else's Twitter account, or send your boss rude messages using a colleague's number.
How do I improve my phone's security?
Switch on all security options such as handset PIN codes. Download software to wipe your phone before you throw it away or send it for recycling. Consider buying a handset with fingerprint recognition security. Alternatively, add software that can find your phone or even take control of it remotely should it be stolen, allowing you to encrypt all data stored on it, disable it entirely or even make it emit a loud alarm.
Is it legal for my employer or partner to send my cellphone for analysis?
If it is a company phone, or was a present from your partner, beware. Chances are that they can claim legal ownership and so can do what they want with it.
No comments:
Post a Comment