Thursday, July 24, 2008

All it take is an MMS to take control of somebody else’s phone

CRAVE to spy on that crucial board meeting of your rival corporate? Or, perhaps, you want to keep an eye on your party MPs to make sure they are not being lured by rivals to switch sides. Maybe, you have this irresistible urge to snoop on your spouse’s phone-talk all the time. You can do all this and more with spyware available on the Internet. At least half a dozen mobile phone hackers have set up shops on the web.

All it take is an MMS to take control of somebody else’s phone. The latest mobile phone spyware doing the rounds can be installed on a Java phone by just sending an MMS, followed by an SMS containing a string of Java commands that will activate the spyware. Once the spyware is installed, whenever the person gets a call, your phone will beep and you can listen to the conversation. And every time an SMS is send, a copy of it comes to you too. What more, the victim does not even get a hint of somebody tapping on to his or her phone as the Java commands sent via SMS are configured in a way that they don’t appear anywhere on the phone.



Some spyware can even switch on a phone’s camera and recorder from a remote location. “One can have a better look at who all are present in a meeting,” says Rajat Khare, director, Appin Security Labs, a network security company. “These spyware are extremely dangerous in the current cut throat corporate scenario.

Such software can also shutdown a mobile phone instantly or configure it to shutdown every 15 minutes or so,” adds Mr Khare. They can destroy all data on a phone. But they don’t come cheap. A all-in-one spyware that can turn on the camera and recorder even if the phone is switched off (and the screen remains blank!) costs around $850.

The spyware is run by J2ME, or Java 2 Micro Edition, a language used for programming micro devices like PDAs, phones, home appliances and sensors. The J2ME commands sent through SMS are nothing but a string of characters which when keyed in can direct a phone to perform a certain tasks. For instance, keying in *3370# can recharge a mobile phone’s battery to 50% from the reserve charge. Keying in 112 dials an emergency number regardless of whichever part of the world you are in.

Most J2ME commands entered via the keypad are blocked by mobile phone makers. However, spyware directs the mobile phones to perform certain tasks like send SMSes randomly, make calls, send your address book to someone else, make somebody else listen into all your calls via digital J2ME signals. It maybe frightening that you can be spied on so easily. Luckily the handset makers and telecom operators are aware of the menace and are looking for ways to counter them.


A Research In Motion (BlackBerry maker), India spokesperson told ET: “BlackBerry application control rules are designed to prevent installation of specific thirdparty Java applications.

BlackBerry users to which you assign the policy cannot use third-party Java applications to send and receive data from internal servers.”According to Mr Khare, BlackBerry phones offers stronger immunity to spyware. “Other operating systems like Apple iPhone OS 2.0, Windows Mobile or Symbian (for Nokia phones) are attractive grounds for developing hacking applications,” he says. While Apple declined to comment, Nokia said it has a tie-up with F-Secure for virus protection for Symbian. Microsoft said it has a tie up with Symantec and Trend Micro, and Windows Mobile offers a number of security features such as Bluetooth authorisation and end-to-end encryption over a virtual private network.

According to an Airtel official, the company is working towards developing robust anti-key logging applications for protection from spyware.

According to security experts, subscribers should immediately get their SIM card checked by an expert seeing a rise in bills or suspicious activity like slow response time.


Send this to everyone you want to snoop on and feel in control

No comments: