Now, Hackers Master The Art Of Bugging Smart Phones !

[Honest 836]

Now, hackers master the art of bugging smart phones

20 Jul, 2008, 0910 hrs IST, TOI

NEW DELHI: Planning to buy that fancy smart phone? A word of caution: Internet-enabled phones have gaping security weaknesses waiting to be exploited, warn cyber security experts. Any smart phone - including Blackberry, Windows Mobile, iPhone and Symbian phones - can be hacked by a nerd with a little bit of code and some cunning.

And they don't stop at data and identity theft alone. Nor are they content with unleashing viruses on the operating system of your mobile. (Even Bluetooth makes your phone a potential target here.) New Age mischief makers have learnt how to bug your phone and remote-control it. They can steal your bank information, send out a mischievous SMS to your girlfriend (who might just dump you!), copy your top-secret files or simply spy on every call/SMS you make from your phone. In fact, they can even 'modify' your SMSes before these are sent out to your contacts - and you wouldn't even know it.

That's not all. Hackers can also use your phone to spy on you by switching it on. They can activate the camera and eavesdrop on your discussions during a business meeting, or while you are secretly negotiating a lucrative job offer with a rival company. What's more, they can even do an audio/video recording by sending an SMS command.

If you thought all this sounds too far-fetched, think again. Cellphone users in the US are already battling with the problem - 200 mobile viruses are on the loose and more are being spawned every day, says TowerGroup, a US-based research firm.

India, too, is a prime target. Instances of mobile viruses are already rampant and experts say the threat is only going to get worse in a market growing at 11.75% per annum. On last count, there were over 261.07 million mobile connections across the country: more than 50% phones being used are smart phones.

No wonder companies that track internet and mobile security are worried. "Smart phones are easy targets for hackers. And studies show the threat is doubling every six months in India," says Anand Naik, director, Symantec India.

How do they do it? The tactics have evolved with the technology. In 2002, IBM researchers found that a cellphone's security card could be cloned in minutes. A hacker could make calls and route charges to the victim's account. The hacking technique, known as a partitioning attack, analyses power fluctuations in a phone's SIM card, allowing the attacker to read the security codes stored inside.

However, the technique only worked on GSM phones and required that the attacker have access to the phone for at least a few minutes. But hackers have become smarter. Now they simply send a spyware or snoopware through an SMS/MMS or GPRS, email or Bluetooth.

"The message can even be disguised as an SMS from the service provider. The moment you click on it the spyware/virus gets activated. It starts working quietly and the user has no clue that someone is tapping everything he does. Once the virus is in, it can block/modify SMSes, intercept calls, upload data, delete or copy the address book," says Rajat Khare, CEO, Appin Group, an information security company. Spam and SMiShing (SMS phishing) are also beginning to make their way into smart phones.

So what should a user do? A few simple steps could go a long way. Adopt a multi-layered security approach. Protect mobile devices with antivirus, firewall, anti-SMS spam, and data encryption technologies and install regular security updates to protect phones from viruses and other malware. And yes, don't click blindly on any SMS, for someone may just be spying on you on the sly.

[Honest 836]

Mobile spyware: Send this to everyone you want to snoop on

24 Jul, 2008, 0149 hrs IST, ET Bureau

NEW DELHI: Crave to spy on that crucial board meeting of your rival corporate? Or, perhaps, you want to keep an eye on your party MPs to make sure they are not being lured by rivals to switch sides.

Maybe, you have this irresistible urge to snoop on your spouse’s phone-talk all the time. You can do all this and more with spyware available on the Internet. At least half a dozen mobile phone hackers have set up shops on the web.

All it take is an MMS to take control of somebody else’s phone. The latest mobile phone spyware doing the rounds can be installed on a Java phone by just sending an MMS, followed by an SMS containing a string of Java commands that will activate the spyware. Once the spyware is installed, whenever the person gets a call, your phone will beep and you can listen to the conversation. And every time an SMS is send, a copy of it comes to you too.

What more, the victim does not even get a hint of somebody tapping on to his or her phone as the Java commands sent via SMS are configured in a way that they don’t appear anywhere on the phone.

Some spyware can even switch on a phone’s camera and recorder from a remote location. “One can have a better look at who all are present in a meeting,” says Rajat Khare, director, Appin Security Labs, a network security company. “These spyware are extremely dangerous in the current cut throat corporate scenario. Such software can also shutdown a mobile phone instantly or configure it to shutdown every 15 minutes or so,” adds Mr Khare. They can destroy all data on a phone. But they don’t come cheap. A all-in-one spyware that can turn on the camera and recorder even if the phone is switched off (and the screen remains blank!) costs around $850.

The spyware is run by J2ME, or Java 2 Micro Edition, a language used for programming micro devices like PDAs, phones, home appliances and sensors. The J2ME commands sent through SMS are nothing but a string of characters which when keyed in can direct a phone to perform a certain tasks. For instance, keying in *3370# can recharge a mobile phone’s battery to 50% from the reserve charge. Keying in 112 dials an emergency number regardless of whichever part of the world you are in.

Most J2ME commands entered via the keypad are blocked by mobile phone makers. However, spyware directs the mobile phones to perform certain tasks like send SMSes randomly, make calls, send your address book to someone else, make somebody else listen into all your calls via digital J2ME signals. It maybe frightening that you can be spied on so easily. Luckily the handset makers and telecom operators are aware of the menace and are looking for ways to counter them.

A Research In Motion (BlackBerry maker), India spokesperson told ET: “BlackBerry application control rules are designed to prevent installation of specific third-party Java applications. BlackBerry users to which you assign the policy cannot use third-party Java applications to send and receive data from internal servers.”

According to Mr Khare, BlackBerry phones offers stronger immunity to spyware. “Other operating systems like Apple iPhone OS 2.0, Windows Mobile or Symbian (for Nokia phones) are attractive grounds for developing hacking applications,” he says. While Apple declined to comment, Nokia said it has a tie-up with F-Secure for virus protection for Symbian.

Microsoft said it has a tie up with Symantec and Trend Micro, and Windows Mobile offers a number of security features such as Bluetooth authorisation and end-to-end encryption over a virtual private network. According to an Airtel official, the company is working towards developing robust anti-key logging applications for protection from spyware.

According to security experts, subscribers should immediately get their SIM card checked by an expert seeing a rise in bills or suspicious activity like slow response time.

“When sending confidential data via SMS, a SMS encryption software should be used,” says Mr Khare. To be on the safer side it will help to get the mobile phone checked occasionally to keep the spies at bay.

[prathod 3]

Honest pai, aise khabar yaha mat dalo dost, dusman bhi aajkal rimweb par aate hai

Edited July 23, 2008 by prathod

[Honest 836]

^^^

My dear Pankaj but this news is the need for the society. All our rimwebians and guests who read this thread, will be alerted atleast. So that they could take care from such kind of spywares in the near future.

Regards.

[rajat8676 0]

This is awsome. To switch on someone's mobile camera and snoop around is simply brilliant. Bad but brilliant.