If you feel that you are the victim of this sort of attack some of the information below may help you erase the software from your phone, but this guide should not be used in place of police intervention.
Applications that can spy on you via your mobile phone are real, but how concerned should you really be and how can you safeguard yourself against an attack?
Some of you might have seen a story run by Channel Nine's A Current Affair where the journalist showed a smartphone spying application in action, capable of logging calls, SMS messages, GPS coordinates and even turning the phone into a microphone. Obviously the use of this kind of smartphone application can have powerful and dangerous consequences for those who are spied on, but how realistic is this sort of attack and what can you do to protect yourself?
Should I be concerned?
While we don't want to underplay the severity of this kind of attack, we do want to stress that the use of these applications is not something most smartphone users will need to worry about. It's difficult to accurately estimate how many people are using this sort of software to spy in Australia, but unless you have a reason to be suspicious we doubt you need to worry too much.
Glenn Ryan, a Private Inquiry agent operating in Sydney, told CNET Australia that while he has been aware of applications like Flexispy for a number of years, he finds most of his potential clients are not aware of its existence, and those who have heard of it don't understand the legalities surrounding the use of this technology.
"There is a lawful use for the software, but 99 per cent of the enquiries we get (regarding mobile surveillance) are all for the unlawful use of it," says Ryan. He says that most of the clients of his firm are deterred once they understand what they would be required to do to use spy software legally.
So using spy apps is illegal?
In most instances, absolutely. In NSW this falls under the Surveillance Devices Act 2007, which states: "A person must not possess a record of a private conversation ... knowing that it has been obtained, directly or indirectly, by the use of a listening device, optical surveillance device or tracking device." Collecting data using this sort of application is only legal where the target parties know they are being tracked or that their conversations are being recorded. In all other cases, using Flexispy could land you in hot water, with penalties including jail time.
Smartphones are little computers
This is the first thing to remember when considering what kind of attack you might need to protect yourself from. Smartphones are designed in a similar way to the PCs we use at work and at home, and as such there is the possibility for someone to write malicious code and for this code to be installed on your phone. Application developers like Laramine, the company behind Flexispy, have exploited this design and created software that taps into the phone's core hardware and sends the data it collects back to a central server. But like PCs, phones can be scanned for malicious code by antivirus software and you can also wipe the memory to delete everything and start again.
SIMs are safe
If someone installs spyware on your smartphone this will not affect your SIM card or your phone number in anyway. This means that in some instances the best action to take if you suspect you are being spied on is to turn your smartphone off, remove the SIM and insert it into a different phone until you can ascertain the situation you are in.
Once this software is installed on the phone it will run invisibly in the background in most cases. Even the program files are often hidden so that the software can continue to spy without being detected itself. IDC industry analyst Mark Novosel points out that because of the design of the software there are some "tell-tale signs that all is not as it should be with their device".
"In order for the software to transfer the logs to the website, from where it can be read, it needs to establish a data connection, and in most cases the handset will show an icon indicating there is data activity. If the suspect is not knowingly using data at the time of the transfer, its quite likely this would arouse suspicion," says Novosel.
They say prevention is the best defence, and this is true for those who could potentially fall victim to smartphone spying. Because the software has to be manually installed on your phone you have a chance to arm yourself against an attack.
- Don't leave your phone unattended: for most of us, our phones are like our diaries. They are home to an array of private information, whether it is business secrets or the details of our personal relationships. Treat your phone like a diary and keep it close at all times.
- Password protect yourself: all smartphones have a password or PIN lock protection feature — use it. You can turn it on and set the PIN in the settings menu on your phone.
- Back up: if someone installs a spy app on your phone it may be necessary to switch to a new phone or wipe the memory of your current phone to prevent them from tracking you down. Back up your SMS messages, contacts and photos to a PC so they can be easily transferred to a new phone if an emergency arises.
- Antivirus: even though apps like Flexispy are not officially considered viruses, some antivirus software for mobile phones treat them as though they are. F-Secure is an antivirus app for Nokia's Symbian phones and Windows Phones, which will scan the files on your phone and delete any associated files with Flexispy and a few others. BlackBerry users can find Kisses on the BlackBerry App World, which is a free download and capable of detecting some spy apps and deleting them.