With the advent of smartphones on operating systems such as Symbian, Windows, MeeGo, Android, and iOS, applications have emerged that exploit software vulnerabilities to discreetly obtain information about the user. Such a phone eavesdropper can work for an unlimited period of time while providing extensive surveillance capabilities.
What is Spyphone?
Spyphone is nothing more than a smartphone spyware programme. Various versions of Spyphone have been on the market practically since the very beginning of smartphones. Environments such as Symbian or MeeGo are now a thing of the past displaced, and with them the older phone models and the spyphone applications written for them. However, that doesn’t mean it has become safer, as new Spyphone programmes have emerged for Android and iOS, and worse, even more effective than the prototypes.
While the iPhone manufacturer did a lot to ensure that its operating system did not invite hackers in with an open door, Android, by the very fact that it is an open environment, had no such safeguards. All it took was a small change in settings to make it possible to install software from outside the official Google Play resources.
For some time now, Google has been trying to combat the possibility of conversational surveillance by limiting the permissions of apps and setting the priority of access to resources. However, for the time being, ordinary users who have used programmes like ACR or its ilk are suffering. These programmes have lost their main functionality, which was to record conversations in progress. Spyphone is still doing well.
How does phone tapping work?
Phone eavesdropping most often exploits a vulnerability to access resources such as the microphone in apps and popular instant messengers. The infamous leader here is Whatsapp, which not only lacks sufficient security against interception of information, but additionally has a number of holes that allow the device to be infected or taken over from the outside. Whatsapp is susceptible to hostile actions that do not require any action from the smartphone user, this is known as Zero-touch.
The low level of security and the freedom to install from unknown sources on Android are exploited by spyware developers. Spyphone runs in the background, recording much of the smartphone user’s activity. Intercepts can include:
- SMS,
- MMS,
- photos and videos taken and transmitted
- instant messenger chats
- web pages viewed,
- logins and passwords entered
- e-mails sent,
- GPS position,
- conversations carried out in the vicinity of the phone,
- taking control of the phone,
- access to contact lists
- fraudulent SMS messages
- and many more.
The detailed list of exposed activities is different for each smartphone model and the spyware application used. In addition, each update can completely change the symptoms of the infection and the vulnerability of the smartphone to spying.
Interesting fact: Mobile phones can also be eavesdropped via the mobile operator, but in this case such activities can only be carried out by or at the behest of the authorities.
Is it possible to bug a landline?
Landlines are also vulnerable to eavesdropping. While there is no software on them and Spyphone cannot be used, the way information is transmitted is vulnerable to surveillance. All that is needed is to place a pass-through on the cable, which will send a conversation by radio or record it on the built-in memory. Such eavesdropping will require unobstructed access to the room where the telephone is located or to the location of the cord. Landline telephones are becoming a thing of the past so this method is rare, but possible, so checking the telephone lines is a standard activity during any anti-tapping inspection.
Interesting fact: The security of VOIP conferencing solutions is dependent on the security of the network within which they operate. Intercepting information via this route is a difficult task and requires extensive administrative access to the facility’s ICT network.
How do you know if your phone is bugged?
A smartphone user with privacy concerns should look out for unusual behaviour on the device, such as:
- spontaneous activation and deactivation of the icon that says GPS or data packets are being used,
- the activation of the light next to the camera,
- any icons that tell you that a resource is being used or a feature is active, and that are not a direct result of the phone user,
- reverberation or interference with an ongoing conversation,
- a drop in the phone’s performance,
- faster power consumption,
- extensive resource permissions for applications whose use we do not know,
- allowed installation of applications from unknown sources,
- unknown applications with a high data transfer rate,
- power management restrictions for unknown applications,
- information about ‘rooting’ the device.
Due to the multitude of smartphone models available and the dynamics of software variability, it is difficult to pinpoint unambiguously the symptoms of a bug installation. Only by subjecting the smartphone to IT analysis can the presence of Spyphone be ruled out or confirmed.
Phone tapping – how to avoid it?
Firstly, ensure security by restricting unauthorised access to your smartphone. Also, secure your device against unauthorised unlocking and software changes. Fingerprint or gesture locking can be easily broken e.g. while sleeping, and the gesture leaves smudges on the display that will be used to guess the character line. Remember not to install applications from outside the official source, and even less so those with a low reputation. If in doubt, we recommend a professional spyphon check as a starting point for securing your device.
Want to know more about eavesdropping and what to do if you suspect someone is eavesdropping on you? Welcome to the entry.