Spying on you through your mobile phone

By Muthoga Kioni

Mobile phones are used for a variety of purposes, including communication, entertainment and conducting business.

The acceptance and permeation of this technology in Kenya has been unprecedented with over 10 million mobile phone subscribers being registered in the past few years.

No other device in recent history has become more ubiquitous and pervasive as the mobile phone.

Last year proved to be a technological watershed for mobile telephony in Kenya. Various unique developments occurred in the Information Communication Technology (ICT) sector that had a direct bearing on the mobile sub sector.

2009 also saw mobile telephony further embed itself in our social fabric. M-Pesa has entered our everyday lexicon and its run-away success has come to symbolise our increasing dependence on mobile telephony.

The mobile phone has inexorably intertwined itself to our lives as can be attested by mobile banking. You can never leave home without a mobile phone and anyone who doesn’t possess it is disparaged as a simpleton.

Data security in mobile devices has, therefore, come into sharp focus due to the rich data hunting ground provided by the increasingly powerful mobile phones we carry around.

Mobiles have evolved into miniature computers with all the attendant functionalities and weaknesses that exist in the computing environment. This is the most important point to grasp if you are to understand how a mobile can be bugged.

Bugging device

Various vulnerabilities exist in the Short Message Service (SMS), voice and bluetooth mechanisms of our mobile phones.

Apart from voice, the most commonly used data application on mobile applications is SMS text messaging. It is reported that over 74 per cent of global mobile phone owners are active users. It is also very lucrative considering that such a high percentage of global mobile phone owners are active SMS users. This makes it a logical starting point for any spy.

Programs exist that can turn your mobile into a bugging device. Short messages are sent using a protocol (rules determining the format and transmission of data) supported by an SMS centre (SMSC) which forwards messages sent from a mobile to the destination. These protocols have flaws, which can be exploited to introduce a Trojan horse into your mobile. One such weakness is found in the service SMS.

A spy only requires your mobile phone number and sends off a service SMS. A service SMS is used by phone operators to update software on phones. These updates can vary from routine tweaks to an overhaul of the phone’s internal systems. These service SMS messages are, however, never challenged by the phone to verify whether they are legitimate.

It is, therefore, easy to pose as a phone operator and send a Trojan virus which never registers in your inbox. You will never hear a sound or see any indication that a Trojan has been installed.

The Trojan is then used by the spy to listen to all your mobile phone conversations and read all your SMS text messages. You can Google Rexspy for more details.

Voice tapping

Voice tapping used to be very simple in the days of analogue cellular/mobile phones. With a simple radio scanner it was possible to eavesdrop on wireless phone conversations. The switch over to digital technology greatly reduced this vulnerability because digital protocols like GSM were able to use encryption to secure conversations.

It is, therefore, considerably difficult, though possible, to intercept and eavesdrop on digital cell phone conversations.

The equipment to do so is quite costly and telecom providers, government intelligence, law enforcement agencies and some unethical corporations engaged in industrial espionage, tend to be the only ones who have access to such sophisticated equipment.

However, there are software products out there that enable call interception, which is the ability to secretly listen into a live phone call on the target’s cell phone.

To do this, you simply specify the numbers you are interested in and when any calls to or from these numbers occur on the target’s cell phone, the software will send a secret text message to your cell phone. Once you get notified that a call is being made, you then call the target’s cell phone and you will be added to the live call.

The main shortcoming in these products is that there is no way you can install this kind of spy software without getting access to the target phone. So think twice next time you leave your phone at the gate of some embassy, company or government installation. Check out flexispy blogspot for further information.

BlueJacking

Bluetooth wireless communication systems are basic features on mobile phones, computers and other modern electronic gadgets. Bluetooth means that Bluetooth enabled devices can send things like address book contacts, pictures and notes to other Bluetooth enabled devices wirelessly over a range of about 10 metres.

The snarf attack, also called bluesnarfing, is a Bluetooth-enabled hacking technique that allows hackers to access another Bluetooth device without the victim’s knowledge. This attack is similar to bluejacking and raises obvious concerns similar to where the spy gains access to the victim’s phone book, missed, received or dialed contacts. It is also possible for the attacker to use the phone’s commands through their own phone.

Therefore, our mounting dependence on mobile telephony will in the near future expose us to the risk of mobile spying. It is important to educate yourself on the inherent vulnerabilities that are found in this technology. This is the only way you can mitigate against the mobile telephony risks that we are getting exposed to.

The writer is an ICT Security and Forensic Specialist. Email: bmuthoga@hotmail.com