Tuesday, March 10, 2015

How To Find If Someone Is Installing Spyware On Your Phone

There is no more discussed Internet topics today than security and privacy. Of course, sometimes they are one and the same. Spyware has been in use for quite a while and it can be for anything as simple as a spouse or, potentially, a large institution. Below is a good article which presents the most common spyware for the spouse or employer and how to find and re-mediate it!
 7/27/2012 Andy Greenberg Forbes.com
How To Bust Your Boss Or Loved One For Installing Spyware On Your Phone
Espionage software isn’t just for Chinese intelligence agents and Eastern European identity theft rings. A miniature spyware industry also serves jealous spouses, worried parents, even overbearing bosses. Luckily for the targets of those small-time spies, however, it turns out that consumer-grade snoopware is much, much shoddier than the professional variety.
At the Defcon hacker conference this weekend, forensics expert and former Pentagon contractor Michael Robinson plans to give a talk on how to detect a range of commercial spyware, programs like MobileSpy and FlexiSpy that offer to let users manually install invisible software on targets’ phones to track their location, read their text messages and listen in on their calls, often for hundreds of dollars in service fees.
Robinson tested five commercial spying tools on five different devices–four Android devices and an iPhone. In most cases, he found that uncovering the presence of those spyware tools is often just a matter of digging through a few subdirectories to find a telltale file–one that often even specifies identifying details of the person doing the spying. “I was shocked to find so many glitches, and so much data that allowed attribution,” says Robinson. “If I’m going to be spying on someone, I don’t want them to know my email address and phone number.”
Here’s a rundown of each of the tools and devices Robinson tested and the spyware giveaways he found. Though he used a collection of multi-thousand dollar forensic software–UFED Physical Analyzer, Microsystemation XRY and Paraben’s Device Seizure–to find these clues, a user without those tools can check for the same evidence in most cases. I contacted all the companies that provided any sort of contact information and will update the story if I hear back from them.
Robinson installed Spy Bubble, a program that markets itself as “the world’s most advanced cell phone tracking and monitoring system” on an LG Optimus Elite. He first found that it left behind an installer file called “radio.apk” in the subdirectory  “/mnt/sdcard/Download.” But Robinson also learned that the user doing the spying is meant to dial a PIN on the victim’s phone to change the program’s setting, and despite the software’s claims that the code would be deleted from the phone’s call log, it still appeared in the log of the phone he tested. The default PIN to access those settings is #999999*, but even if it’s changed, the number will start with a hash symbol and end with an asterisk. Even more glaring evidence existed in a subdirectory called “data/data/com.radioadv,” where Robinson found a collection of folders that contain files called “secret.txt,” the PIN number used to change the spyware’s settings, and “buddy.txt,” the cell phone number that’s used for the spyware’s remote control.
Robinson put Mobistealth, “the ultimate cell phone spy software,” on a LG Optimus V, and found that it left behind the conspicuously named file “mobistealthv2.apk” in the download directory of the phone’s SD card. The software’s guts, however, were better concealed in a folder called “LookOut.secure,” seemingly an attempt to hide under the name of the popular smartphone security software Lookout, under the directory “data/data.” In that folder Robinson found a “loggedpictures.ser” file that collects all the photos Mobistealth uploads to the spy, as well as a “configuration.xml” file that includes the spy’s FTP credentials, a potential giveaway to his or her identity.
Robinson says the most cringingly glitchy of the spyware programs that he tested was also one of the most expensive, with a $350 fee per year. When he installed Flexispy on an HTC Wildfire that had been rooted, per the software’s installation instructions, it left behind a file called “FSXGAD_2.03.3.apk” on the SD card’s download folder, as well as a cached image of its registration page in a subdirectory called “bookmark_thumb1.” But things quickly got much more obvious. Robinson says his phone running Flexispy periodically showed a message warning that “unknown” had gained “superuser access.” And when the text messages he sent the phone to issue Flexispy commands weren’t deleted as Flexispy had advertised, he says he learned from the software’s customer service that the stealth text message feature only works on GSM carriers like AT&T and T-Mobile, not CDMA ones like Verizon and Sprint, where the messages appear for any user to see.
Mobilespy, which Robinson ran on a Samsung Galaxy Prevail, left behind a file called “ms5-­2.1-­above.apk” in the phone’s SD card download folder. But the real breadcrumbs are in subdirectory “/data/data/”, where a folder called “com.re=na22.ms6″ includes a file non-stealthily named “MobileSpyData6.0.xml.” That file includes the email address where the spy is receiving updates.
The only spyware that didn’t present obvious clues visible to the average user was Spyera, running on an iPhone. The real difficulty in detecting the software stemmed not from its stealthiness, but from the difficulty of accessing the file directory on an iOS device. Using his forensic software, Robinson found a folder called “Logs” including a file called “ownspy.log.” But he couldn’t suggest an easy way for the average user to definitively check for the program’s presence without his expensive tools. “On this one, without forensic software you’re probably hosed,” says Robinson.
One hint, however, is that Spyera requires the phone be jailbroken. So if the user can find evidence of jailbreaking such as the app Cydia or other tweaks to the OS, it may be a sign someone has tampered with the phone to allow spying. When in doubt, simply restore the phone from a backup or upgrade its firmware to un-jailbreak it. And then try not to let your phone out of your sight.

**Important note** - contact our sister company for very powerful solutions including Crossware, a powerful email signature software product as well as IP management (IPv4 and IPv6, security, firewall and many other IT solutions:


In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in just 60 Minutes. . . And Get That Job!” will be published soon follow by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:


 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio  Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo.  I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications. 

Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.