News Stay informed about the latest enterprise technology news and product updates.

Mobile phone spyware -- it's here

Mobile spyware has popped up a few times recently. Researchers say it isn't time to worry -- yet.

Mobile viruses are becoming more common; so are many other security threats to mobile devices and the data they hold.

Most recently, however, researchers have learned that hackers are now creating mobile spyware, which manipulates SMS messages and allows them to be read by others.

David Rayhawk, senior researcher for McAfee Mobile, said there is evidence that malware writers are now actively working on developing their own mobile spyware. So far, he said, a Russian malware author has released a prototype of SMS-forwarding spyware that is invisible to the user, loads on startup, and forwards SMS text in a new SMS to the spyware's author. The malware breaks down at the forwarding part, but with some tweaking, Rayhawk said, an experienced hacker could figure it out.

The recent discovery is not the first time mobile spyware has been noticed, but Rayhawk said that it is time for folks to pay attention.

"It's definitely not the end of the world," he said, noting that whoever created the most recent mobile spyware program also released the incomplete source code that would allow hackers to spy on others. If that source code spreads further, he said, it could be cause for alarm.

"If that source code gets out, a semi-able hacker could adjust it," Rayhawk said.

The spyware works like this: A hacker sends an SMS message to the target. The target opens the message, installing the spyware onto the device. That spyware, unbeknownst to the victim, takes the SMS messages and forwards them on to the hacker.

Rayhawk said mobile operators should be the most concerned because protecting devices would cost them money, and a massive spyware outbreak could also have a financial impact. But he said it's premature for users to worry.

"The likelihood of an individual user getting targeted is pretty low," he said.

For more on mobile security
Read more about mobile security

Check out our story on SMS phishing
There are steps that can be taken to avoid falling victim to mobile spyware, however. Rayhawk said embedded device security, such as antivirus, should be installed on devices when they come from the manufacturers.

In March, malware was found that copied SMS messages and sent them to a server where they could be retrieved by hackers. Then, in September, spyware was found that could retrieve SMS messages, contact numbers and call logs. There is also mobile malware that can call a device, make the device answer silently without the user's knowledge, and turn the device into a remote bug.

Rayhawk suggests that smartphone and mobile phone users start treating their devices more and more like PCs. He said that -- as a culture -- mobile users need to recognize that their devices are just as susceptible as their larger, fixed counterparts to spyware, worms, viruses and other malware.

"People trust phones too much," Rayhawk said. "Users need to apply the same level of paranoia to their phones as they do to PCs."

Dig Deeper on Enterprise mobile security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.