by Axelle Apvrille  |  Oct 27, 2009  |  Filed in: Security Research

If smart phones were human, we would most probably compare them to assistants - you know, those organized persons we rely on to cope with our own lack of memory and who will remind us of any important meeting and never lose any valuable phone number.

Others would perhaps compare them to close friends to whom one can tell secrets (your bank PIN?) or with whom one shares a few holiday or family pictures.

It looks like few of us consider that such a close friend might betray us and turn into our worst enemy. Yet this is exactly what mobile phone spyware represents: it can intercept our phone calls, SMS or MMS messages, locate us geographically, listen to our surroundings, take pictures, download contacts, log activity, etc. True, most of us do not have much to hide, but nevertheless we would just plainly hate to be spied on. Men once stood up for human rights. As a reminder, the Universal Declaration of Human Rights, article 12, states: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Unfortunately, we at Fortinet have noticed an increase in new mobile phone spyware these last few months. Since March 2009, we have added detection for 9 new families, and were the first vendor to do so for at least five of them (iPhoneOS/Trapsms, Spy/MobileSpy!iPhoneOS, Spy/CallMagic!SymbOS, Spy/Spyiolan!SymbOS, Spy/PhotoSpy!SymbOS). Mobile phone spyware now represents 10 percent of mobile phone malware for Symbian, WinCE and iPhones. And there is more to come. For instance, we even know of development suites dedicated to creating mobile phone spyware.

Nearly all mobile phone spyware is commercial, with products priced from tens to over thousands of dollars. They are advertised for markets such as parental control, cheating spouses, employee monitoring or video surveillance. Whether those products are legal or not is actually not the point of this blog entry. The fact is that nowadays these spyware products can be found on warez / underground forums, and hence end up (sometimes for free) in the wrong hands: those of malware authors or other cyber-criminals. The other fact is that we now spot samples in the wild, sent by SMS or MMS.

So, the risk is growing, that's for sure. Keep an eye on your phone, and make sure it's not betraying you.
