Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Mobile

    Cell Phone Spy Program Raises Concerns

    By
    Matt Hines
    -
    March 30, 2006
    Share
    Facebook
    Twitter
    Linkedin

      A program designed to help people spy on their loved ones mobile phone usage is raising concerns among some security experts who say that enterprises need to be on the lookout for the product, which is marketed under the brand name FlexiSpy.

      Researchers at security applications maker F-Secure issued an alert to customers informing them of the product and warning that if it is loaded on their employees mobile devices, the tool could pose a significant threat to businesses.

      Sold by a Bangkok-based vendor known as Vervata for $49.95, FlexiSpy promises the ability for its users to load the spy program onto a handheld and then receive e-mail reports that provide detailed information on how the device has been used.

      The product is specifically marketed as a way for people to keep an eye on their domestic partners or for parents to monitor their childrens mobile phone habits.

      FlexiSpy promises to divulge a range of private information about devices it is loaded on, including what phone numbers a handheld has been used to dial, how long individual conversations lasted, and even what geographical direction the devices owner is heading in.

      In addition, the program promises to provide complete transcripts of any SMS text messages sent or received on a device, along with related mailbox information.

      The product currently works only on Nokia Series 60 phones running Symbians operating system software, but Vervata is promising to offer support for handhelds running on Microsofts Pocket PC platform and Research In Motions BlackBerry devices by the end of April 2006.

      /zimages/2/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      Each license of the product allows for it to be loaded onto only one device, but the firm also sells a license for tracking multiple handhelds.

      A person must have physical access to a device in order to load FlexiSpy onto the handheld, although it does carry the ability to be loaded wirelessly in close proximity to a device. However, once loaded, FlexiSpy requires that it is also launched manually on a handheld.

      The product works by secretly passing data from a handset carrying the software directly to Vervatas servers, which then generate “alert reports” that are issued to people who have installed the program.

      Company officials didnt immediately return calls seeking comment on the F-Secure report. However, on its Web site, Vervata specifically addresses the notion that FlexiSpy could be viewed by some people as a malicious program, or even a so-called Trojan attack.

      “FlexiSpy requires [that it is] consciously installed and configured by someone, unlike a virus or Trojan which spreads automatically without any action,” reads the disclaimer, which at no time addresses the potential illegality of secretly monitoring other peoples calls. In the United States, federal laws prohibit the unauthorized tapping of phones.

      According to F-Secures report, FlexiSpy is able to hide itself in the Symbian OS to the extent that it is very hard to find, and the program also requires use of Vervatas application management tools to be completely removed from a handset. Its handset-borne user interface can only be accessed via a special code created by whoever installs the program.

      “What makes this interesting is that FlexiSpy is a Trojan spy written by a company for commercial reasons,” Jarno Niemelä, an F-Secure researcher wrote on the companys blog site.

      “The company even claims that FlexiSpy is not a Trojan; however, the application could easily be used by malware installing it as part of its payload, or a hacker could simply send it to a victim over Bluetooth and trust that there are enough curious people to install it.”

      F-Secure added FlexiSpy to its list of malicious programs and said it will distribute a security patch that blocks the product to its customers.

      Other security researchers observed that FlexiSpy straddles the line between what the industry specifically labels as malware, and products that can be used in a malicious way by users.

      Beyond regional laws that govern the legality of gathering the types of data FlexiSpy offers to provide, ultimately the true nature of such programs is determined more by the manner in which people use them, said Graham Cluley, a consultant with U.K.-based security software and appliance maker Sophos.

      “You imagine that it would be used by jealous boyfriends, but it may also be used inside business,” said Cluley. “However, businesses themselves already employ a number of tools to monitor end user behavior on the desktop, so it could also be something that companies potentially use themselves.”

      Much like programs such as WeatherBug, which some experts view as adware and others see as useful applications, companies will have to decide for themselves if FlexiSpy is something they want to prohibit, he said.

      /zimages/2/28571.gifTo read more about do-it-yourself malware kits, click here.

      “This really gets into the grey area of what some people view as acceptable, and others see as a clear risk for malicious abuse,” said Cluley.

      “Enterprises potentially need to put FlexiSpy on the list of things they look out for, but in the end people like us will need to allow customers to decide for themselves.”

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Matt Hines

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×