No Internet topics are discussed more today than security and privacy. Of course, sometimes they are one and the same. Spyware has been in use for quite a while, and the party behind it can be anyone from a spouse to, potentially, a large institution. Below is a good article which presents the most common spyware used by a spouse or employer and how to find and remediate it!
=============================================
7/27/2012 Andy Greenberg Forbes.com
=============================================
How To Bust Your Boss Or Loved One For Installing Spyware On Your Phone

Espionage software isn’t just for Chinese intelligence agents and Eastern European identity theft rings. A miniature spyware industry also serves jealous spouses, worried parents, even overbearing bosses. Luckily for the targets of those small-time spies, however, it turns out that consumer-grade snoopware is much, much shoddier than the professional variety.

At the Defcon hacker conference this weekend, forensics expert and former Pentagon contractor Michael Robinson plans to give a talk on how to detect a range of commercial spyware, programs like MobileSpy and FlexiSpy that offer to let users manually install invisible software on targets’ phones to track their location, read their text messages and listen in on their calls, often for hundreds of dollars in service fees.

Robinson tested five commercial spying tools on five different devices–four Android devices and an iPhone. In most cases, he found that uncovering the presence of those spyware tools is often just a matter of digging through a few subdirectories to find a telltale file–one that often even specifies identifying details of the person doing the spying. “I was shocked to find so many glitches, and so much data that allowed attribution,” says Robinson. “If I’m going to be spying on someone, I don’t want them to know my email address and phone number.”

Here’s a rundown of each of the tools and devices Robinson tested and the spyware giveaways he found. Though he used a collection of multi-thousand dollar forensic software–UFED Physical Analyzer, Microsystemation XRY and Paraben’s Device Seizure–to find these clues, a user without those tools can check for the same evidence in most cases. I contacted all the companies that provided any sort of contact information and will update the story if I hear back from them.

Robinson installed Spy Bubble, a program that markets itself as “the world’s most advanced cell phone tracking and monitoring system” on an LG Optimus Elite. He first found that it left behind an installer file called “radio.apk” in the subdirectory “/mnt/sdcard/Download.” But Robinson also learned that the user doing the spying is meant to dial a PIN on the victim’s phone to change the program’s setting, and despite the software’s claims that the code would be deleted from the phone’s call log, it still appeared in the log of the phone he tested. The default PIN to access those settings is #999999*, but even if it’s changed, the number will start with a hash symbol and end with an asterisk. Even more glaring evidence existed in a subdirectory called “data/data/com.radioadv,” where Robinson found a collection of folders that contain files called “secret.txt,” the PIN number used to change the spyware’s settings, and “buddy.txt,” the cell phone number that’s used for the spyware’s remote control.

Robinson put Mobistealth, “the ultimate cell phone spy software,” on an LG Optimus V, and found that it left behind the conspicuously named file “mobistealthv2.apk” in the download directory of the phone’s SD card. The software’s guts, however, were better concealed in a folder called “LookOut.secure,” seemingly an attempt to hide under the name of the popular smartphone security software Lookout, under the directory “data/data.” In that folder Robinson found a “loggedpictures.ser” file that collects all the photos Mobistealth uploads to the spy, as well as a “configuration.xml” file that includes the spy’s FTP credentials, a potential giveaway to his or her identity.

Robinson says the most cringingly glitchy of the spyware programs that he tested was also one of the most expensive, with a $350 fee per year. When he installed Flexispy on an HTC Wildfire that had been rooted, per the software’s installation instructions, it left behind a file called “FSXGAD_2.03.3.apk” on the SD card’s download folder, as well as a cached image of its registration page in a subdirectory called “bookmark_thumb1.” But things quickly got much more obvious. Robinson says his phone running Flexispy periodically showed a message warning that “unknown” had gained “superuser access.” And when the text messages he sent the phone to issue Flexispy commands weren’t deleted as Flexispy had advertised, he says he learned from the software’s customer service that the stealth text message feature only works on GSM carriers like AT&T and T-Mobile, not CDMA ones like Verizon and Sprint, where the messages appear for any user to see.

Mobilespy, which Robinson ran on a Samsung Galaxy Prevail, left behind a file called “ms5-2.1-above.apk” in the phone’s SD card download folder. But the real breadcrumbs are in subdirectory “/data/data/”, where a folder called “com.retina22.ms6” includes a file non-stealthily named “MobileSpyData6.0.xml.” That file includes the email address where the spy is receiving updates.

The only spyware that didn’t present obvious clues visible to the average user was Spyera, running on an iPhone. The real difficulty in detecting the software stemmed not from its stealthiness, but from the difficulty of accessing the file directory on an iOS device. Using his forensic software, Robinson found a folder called “Logs” including a file called “ownspy.log.” But he couldn’t suggest an easy way for the average user to definitively check for the program’s presence without his expensive tools. “On this one, without forensic software you’re probably hosed,” says Robinson.

One hint, however, is that Spyera requires the phone be jailbroken. So if the user can find evidence of jailbreaking such as the app Cydia or other tweaks to the OS, it may be a sign someone has tampered with the phone to allow spying. When in doubt, simply restore the phone from a backup or upgrade its firmware to un-jailbreak it. And then try not to let your phone out of your sight.
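
The file and folder names Robinson reports can be checked mechanically against a file tree copied off a phone, such as a forensic extraction or a copy of the SD card. The Python below is an added example, not code from the article or from Robinson's talk; `scan_tree`, `suspicious_dialed_numbers` and the sample data are hypothetical names and constructed input, and Mobilespy is matched on its XML file name only.

```python
import os
import re
import tempfile

# (tool, file or directory name, directory that must appear above it, or None).
# Names are the ones reported in the article; nothing else is assumed.
INDICATORS = [
    ("Spy Bubble", "radio.apk", "Download"),
    ("Spy Bubble", "com.radioadv", None),
    ("Spy Bubble", "secret.txt", "com.radioadv"),
    ("Spy Bubble", "buddy.txt", "com.radioadv"),
    ("Mobistealth", "mobistealthv2.apk", None),
    ("Mobistealth", "LookOut.secure", None),
    ("Mobistealth", "configuration.xml", "LookOut.secure"),
    ("Mobistealth", "loggedpictures.ser", "LookOut.secure"),
    ("Flexispy", "FSXGAD_2.03.3.apk", None),
    ("Flexispy", "bookmark_thumb1", None),
    ("Mobilespy", "MobileSpyData6.0.xml", None),
    ("Spyera", "ownspy.log", "Logs"),
]
# Spy Bubble settings PIN as dialed: starts with '#', ends with '*'.
PIN_RE = re.compile(r"^#.+\*$")

def scan_tree(root):
    """Return sorted (tool, relative path) hits found under an extracted file tree."""
    hits = set()
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        parents = [] if rel == "." else rel.split(os.sep)
        lowered = [p.lower() for p in parents]
        for name in dirnames + filenames:
            for tool, wanted, above in INDICATORS:
                # Case-insensitive, because SD cards are often FAT-formatted.
                if name.lower() == wanted.lower() and (
                        above is None or above.lower() in lowered):
                    hits.add((tool, "/".join(parents + [name])))
    return sorted(hits)

def suspicious_dialed_numbers(call_log):
    """Return call-log entries shaped like the Spy Bubble settings PIN."""
    return [n for n in call_log if PIN_RE.match(n.strip())]

if __name__ == "__main__":
    # Constructed sample tree, not data from a real device.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "data", "data", "LookOut.secure"))
        print(scan_tree(root))
    print(suspicious_dialed_numbers(["5551234567", "#999999*"]))
```

Generic names such as “secret.txt” or “configuration.xml” only count as hits when they sit beneath the tool's own folder, which keeps unrelated files from being flagged.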