i posted this in the "News" section but wanted to alert all bros to what is POSSIBLE on a mobile phone. yes, someone would have to know about the software and get access to your phone to install it. but while there are other programs out there, this seems to be the most comprehensive.

if you're at all interested in what can be done by installing a program on a mobile phone the user will never know is there, take the time to read this. it covers the tech, the results, and the distribution and sales channels. the spyware is not cheap, so i guess two things: the company is earning a nice revenue-stream from it, and there are copycats. read on:
========================
http://forum.sex141.com/eforum/viewthread.php?tid=35361

Mobile Spyware Raises Ethical, Legal Questions
By Michael Kan, IDG News    Dec 1, 2011 4:00 am
http://www.pcworld.com/article/2 ... egal_questions.html

In 2003, Atir Raihan began work on a product that has gone on to gain infamy in the world's security industry. His idea: to build a spyware program for mobile phones that would allow people to catch a cheating spouse.

"I remember eight years ago, having a drink with friends and telling them about my personal situation. It involved infidelity with an old girlfriend," Raihan recalled recently. Wouldn't it be good, he thought, if there were a technology that could help him get to the bottom of it?

Seeing a potential business opportunity, as well as a solution to his relationship dilemma, Raihan and his Thailand-based company, Flexispy, developed a product of the same name that can secretly track calls and texts made to and from a mobile phone.

Flexispy can't be installed remotely, so the user has to get hold of the phone and download the software to the device. Once it's there, the program logs all texts and calls on the device. It can also allow a remote party to listen in on a conversation, and to use the GPS to track a person's location.

Since its release in 2004, similar products have cropped up from companies such as Mobile Spy, which is marketed as a way to spy on children and employees, and MobiStealth, aimed at parents, employees and law enforcement agents.

While the products are used worldwide, they seem to have been doing particularly well in China. About 10,000 users there are being "infected" with Flexispy each month, estimated Zou Shihong, vice president with mobile security firm NetQin.

Within a small monthly sample of the company's Chinese clients, 1,000 users were found to have Flexispy installed on their phones, Zou said. In contrast, the company found about 300 cases in a sample of clients in the U.S., according to a NetQin chief scientist.

Products like Flexispy raise obvious ethical and legal questions. While simply buying such software is not illegal in most countries, how it is used can put users on the wrong side of the law. Wire-tapping is illegal in most countries without a court order, for example. Tampering with a person's phone might also lead to trouble.

"These products violate privacy," said Zhang Qiyi, a lawyer in China, where the government has tried to ban Flexispy with mixed success.

Once the program is installed, data from the handset is secretly routed to a server operated by Flexispy. The user can log into the server to read messages and check call logs. The software can also activate the phone's microphone, so it can be used as a bugging device to listen in on nearby conversations.

An annual subscription costs between US$149 and $349, depending on the features. It is available for most major phone OSes, including Apple's iOS, Google's Android and Nokia's Symbian.

In 2007, a year after it went on sale in China, authorities there stopped one of its distributors from selling the product. The word "Flexispy" has even been blocked from searches on China's popular Sina Weibo social networks.

But Flexispy says numerous websites in China are selling imitations of its software. "In a most amazing case, we found a perfect Chinese clone of our website, selling a cracked version of our product," said Marc Harris, a Flexispy spokesman.

Spyera, a similar product, has also been doing well in China. Chinese users account for 18 percent of its customers, up from 6 percent just two years ago, according to the company's owner, Mihat Oger. In contrast, the U.S. accounts for 38 percent of its customers.

"Our sales increased 17 percent from 2009 to 2010 and increased 32 percent from 2010 to 2011," Oger said, adding that much of the growth has been driven by increased smartphone sales.

Flexispy and Spyera said they have taken steps to keep their products legal, such as designing them so they can't be installed remotely. Flexispy warns customers that using its product without the consent of the person being targeted could be illegal, and it highlights what it says are legitimate uses of its product.

"Our marketing is focused on the legitimate uncovering of a cheating partner or the protection of a child's activities on a mobile," Harris said. "However, it is a fact of life that virtually everything can be used illegally. ... The responsibility is with the user, not the product."

Security vendor F-Secure has labelled Flexispy as malware in the past. Still, while such programs have the potential for misuse, in most cases that have been investigated Flexispy was being used to spy on a spouse rather than something like industrial espionage, said Mikko Hypponen, the chief researcher at F-Secure.

Tyler Shields, a researcher with security firm Veracode, noted that because the data from phones is sent back to a server operated by Flexispy, its usefulness for criminal enterprise is limited. "If I were a malicious hacker, I wouldn't want all the stolen data to be sent to a Flexispy server. For a criminal, it's not as much of a useful tool."

In China, Flexispy and its variants are better known as "XWodi", which translates as "X-Undercover." Online searches reveal a long list of sites claiming to sell Flexispy and similar products. Most of these sites, however, are scams, and selling fake spyware products, said Li Tiejun, an anti-virus engineer with Chinese security vendor Kingsoft.

"Some are real," he said.

The danger of Flexispy being secretly installed on a user's phone, however, is minimal compared with more malicious spyware reaching handsets in China, he said.

Each month, Kingsoft is finding more sophisticated spyware coming out of the country, Li said. In August it discovered a program that comes buried inside an apparently innocuous Android application, and which recorded phone calls and text messages without the user's knowledge. It's unclear why the program was developed. The creators might have been using it to collect data for marketing, which they could then sell to interested parties, Li said.

Several vendors of China's XWodi were contacted for this story, but all declined to be interviewed. Flexispy and Spyera would not reveal their exact sales figures. But aside from catching cheating spouses, the companies say their spyware products are generally used to monitor employees or track the activities of young children, teenagers, and elderly people unable to care for themselves.

Raihan maintained that he never intended his product to be used for illegal purposes. "There's enough business in the legitimate market. There's no need for it to be used in other situations," he said. Raihan later sold his Flexispy business to another company.

Whatever its merits, he is proof that the software can achieve its goal. After helping to build Flexispy, he gave his girlfriend at the time a mobile phone with the software installed on it. "Yes, she was cheating," he said. "I've used it ever since. It really opened my eyes."

O.K., first off, what kind of a pansy-assed puppy-dog loser do you have to be to go and WRITE A PROGRAM when you think your GF is cheating on you??   Hell just dump her and move on to the next girl, OR, better yet, get enlightenment and tell her how much you love an "open" relationship and would she be up for a threesome?

As to spyware on our phones, is the only solution to go back to a non-smartphone (dumbphone?)?  Would thatwork?  Or would one have to go all the way back to analog?

As it's gotten more and more acceptable for tech companies to poke and prod us for intel to give their marketing departments (Google reading emails, Facebook setting 'like' on anything you click, RFID tracking) it seems like it's now open season on all personal privacy.  Even the goon who programmed Flexispy called illegally wiretapping one's spouse a "legitimate" use of the software!  Not in California buddy, you will land your ass in jail for thatshit.

GMSV (Good Morning Silicon Valley) ran a story yesterday about a marketer's version of spyware being loaded on smart phones to tract a user's location, texts, calls and online purchases.  Imagine getting ahold of that list of names.  It would make a bigger story than some Madam's call list.  I can already see some reporter somewhere trying to figure out how to hack that database.

Here's the GMSV story and the link to it in the SJ Mercury news http://blogs.siliconvalley.com/g ... d-is-it-legal.html:

Smartphone tracking: Who’s affected? Is it legal?
POSTED BY LEVI SUMAGAYSAY ON DECEMBER 1ST, 2011 AT 8:58 AM | CATEGORIZED AS UNCATEGORIZED | TAGGED AS ANDROID, CARRIER IQ, IPHONE, MOBILE, PRIVACY, TRACKING, WIRELESS

Following up on our post yesterday about software that tracks most everything smartphone users do
— such as the numbers they dial and the text messages they write — and which doesn’t seem to be able to be turned off, here’s the latest :

• Which phones, which carriers? References to the software, Carrier IQ, have also been found on Apple’s iPhone, according to the Verge. The original discovery, by an Android app developer, focused on Androids, BlackBerrys and Nokia mobile phones. But a paidContent report today says Nokia denies that its phones are compatible with Carrier IQ software, which is made by a Mountain View company. In addition, another Verge report indicates that devices developed with Google, such as the Nexus smartphones and the original Motorola Xoom tablet, do not have the software installed. This indicates that Carrier IQ is installed by manufacturers and/or carriers, supposedly to “improve the user experience,” according to a recent Carrier IQ statement.

As for the carriers, a Verizon spokesman said on a company Twitter account this morning: “To be 100% clear: Carrier IQ is not on Verizon Wireless phones.” GMSV has sought comment from AT&T and Sprint. And according to the paidContent report, wireless providers outside the U.S., including Telefonica and Vodafone UK, say they don’t collect data via Carrier IQ.

• What about the legal issues? Andy Greenberg of Forbes talks to a former Justice Department prosecutor who says that Carrier IQ and carriers that use it may have run afoul of federal wiretapping laws. “When I was at the Justice Department, we definitely prosecuted people for installing software with these kinds of capabilities on personal computers,” Paul Ohm, now a professor at the University of Colorado Law School, told Forbes.

And here's how you turn off Carrier IQ reporting, but that still doesn't remove it from your phone:
http://lifehacker.com/5864159/ca ... -how-to-turn-it-off

[ Last edited by  TheButler at 2-12-2011 02:12 ]

CarrierIQ, has a different modus operandi from flexispy. They are what is known as a "supplier of mobile intelligence" and their primary customers are handphone manufacturers and mobile carriers.

How they do their business, is that they tell the manufacturers and carriers that to give customers a good experience, they need to know what the customers are experiencing in using their services. For example, number of dropped calls per thousand, usage report of why they use phones etc. Then they ask for permission to embed their tool into the OS of the device.

While the intentions are not malicious, the nature of the tool is that it can be used for abusal. The tool records everything, and sends over the relevant information that the telcos ask for via data. A rogue employee can ping the handset to send more probably, or a hacker who reverse engineers this solution might be able to figure out how to get more information (e.g. credit card information) remotely.

as more technology becomes available to consumers, the more sensitive info we carry on our laptops and smartphones, the more we log onto Wi-Fi networks, the more vulnerable we are. it doesn't mean we shouldn't use these tools. but it means we need to be aware of the potential risks. as mrfast pointed out, CarrierIQ is primarily a diagnostic tool that should allow mobile-operators to monitor their networks better. but like anything, it can be used for inappropriate purposes. if using an iPhone, upgrade to iOS 5.0.1 as it's turned off by default (u can find the switch and turn it on if u want). wander mentioned how to scrub yr BlackBerry.

software like Flexispy must be deliberately installed on a phone, it's expensive and it's for spying.

some more info on CarrierIQ from security firm Sophos--this firm is sharp and their "naked security" blog is well worth reading. here, the CIQ folks explane their intention, and the Sophos guys point out the possible vulnerablities:
===============
http://nakedsecurity.sophos.com/ ... spying-allegations/
"While it might seem harmless, we just raised concerns about this same situation regarding the Amazon Kindle Fire tablet and its use of the Amazon cloud logging all URLs being visited.

While websites should not assume HTTPS URLs are always encrypted, some do. This can lead to usernames, passwords and other unique identifiers being embedded in a URL and accidentally disclosed to cell phone carriers through applications like Carrier IQ."

OK, fine. let's look at some more serious stuff. here's a good site:
http://www.phonespyware.org/

what spyware CAN do:
http://www.phonespyware.org/how-does-phone-spyware-work/

and some ways to detect it on yr phone:
http://www.phonespyware.org/phone-spyware-detection-tips/

although seriously, the best method is to think: who wd spend a lot of money to install spyware on my phone?? wd they even know about this software?

a few more general security links. i do believe it's best to stay informed rather than freak out and wrapping yr Samsung in tinfoil. functionality leads to risks. but for many of us, the biggest danger is having some fotos on yr phone or computer that someone might want to check out while yr in the shower or wherever...
=============
Q&A With Security Guru Mikko Hypponen (head of F-Secure, a Finnish company that has been researching mobile phone viruses for a decade...u may know that Nokia is also a Finnish company...):
http://www.technewsworld.com/story/73828.html
==========
roundup of security news sources:
http://blogs.cio.com/security/16 ... sources-be-thankful

JtB

I am also assuming if you are using prepaid cards for the hobby, you should also experience a faster than expected decline in your pre-paid credit than your normal usage would suggest as all this data has to get transmitted - this is probably a sign that something is up with the phone?  Could be a method to see if any unwanted spyware is attached to the phone.

I think its a not a great idea to use a contract phone, or phone that anyone else knows about for hobbying anyway.  This way, you can ditch phone or sim or both easily without having to explain away a new phone or new number.

@ imbala: i'm not an expert on this stuff, but the URL i listed above indicates that battery usage, not data usage, is an indicator.

also, be aware that while Carrier IQ is drawing a lot of fire, it is not a dedicated spyware program like Flexispy and its competitors. those programs are designed specifically to turn a mobile phone into a spying device. if yr SO or whoever pays to have something like that embedded on yr phone, you've got problems this forum likely can't address.

we are talking about privacy, and the URL below aggregates stories related to data-privacy:
http://www.computerworld.com/s/topic/84/Privacy

yes, Carrier IQ is drawing the share of media attention, but that doesn't mean other privacy and security concerns don't vanish. paying attention to your Facebook profile (did u put yr real name, pic or birthdate on it when u signed up?)? using Adobe Reader to open files from wherever on your Windows machine? clicking on embedded links in emails? don't worry about Carrier IQ--u may have bigger problems.

but politicians love an easy target, so:
http://www.computerworld.com/s/a ... estigate_Carrier_IQ

"The outcry over Carrier IQ's mobile-phone tracking software continued Friday, with a U.S. congressman asking the Federal Trade Commission to investigate the company...On Friday, Rep. Edward Markey sent a letter to the FTC asking it to investigate Carrier IQ. "I have serious concerns about the Carrier IQ software and whether it is secretly collecting users' personal information, such as the content of text messages," he said in a statement. "

if mobile phone privacy is paramount, use a cheap "featurephone" and a prepaid SIM. everyone wants personal details nowadays, not so much because they want to track yr mongering activities, but because they want to track yr buying habits so they can send u targeted ads. if yr constantly surfing jewelry sites and checking prices for diamond rings on eBay, Chow Tai Fook might want to know that, and maybe the organizers of the Hong Kong Bridal Exhibition (maybe not the best example for a mongering site, but u get the idea). Facebook wants data-analytics on their massive user-database because they may IPO soon. so of course, the number of hours x million HKers spend checking FB on their smartphones is a stat The Zuck wants to have. Yahoo wants to know how much time u spend on their network as both Microsoft and Alibaba have expressed interest in acquiring the company.

there's a lot of $$ in play here and none of it is related to yr pecker and pink-lit hallways. on that level, yr data isn't critically important. if a certain someone finds text msgs on yr phone, now THAT could be a problem. so i wd be more concerned about where yr phone is, have u password-protected it, who's got the number and are those fotos u took in the hotel still on it, rather than worrying about Carrier IQ.

data-privacy is a problem now and will continue to get worse. in Hong Kong, the Office of the Privacy Commissioner for Personal Data (PCPD) has established the Personal Data (Privacy) Ordinance which came into force on 20th December, 1996  (PDPO) and you can read the full text here:
http://www.pcpd.org.hk/english/ordinance/ordfull.html

the PCPD regularly reviews this ordinance and you can read the Privacy Commissioner's submission on Personal Data (Privacy) (Amendment) Bill 2011 here:
http://www.pcpd.org.hk/english/infocentre/press_20111108.html

JtB