Spy program snoops on cell phones

New software that hides on cell phones and captures call logs and text messages is being sold as a way to monitor kids and spouses. But one security company calls it a Trojan horse.

The FlexiSpy application captures call logs, text messages and mobile Internet activity, among other things. The software, released at the beginning of March, sells for $49.95 and is advertised by Bangkok, Thailand-based Vervata as a tool to monitor kids and unfaithful spouses. The data captured is sent to Vervata's servers and is accessible to customers via a special Web site.

Similar surveillance software for PCs already exists and has raised the ire of groups fighting domestic violence, who fear it may be used by abusive spouses.

FlexiSpy has attracted a different kind of criticism from security company F-Secure, which has labeled the software a Trojan, or a malicious program that disguises itself as something innocuous.

"This application installs itself without any kind of indication as to what it is," Jarno Niemela wrote on the Finnish antivirus maker's corporate blog Wednesday. "And when it is installed on the phone, it completely hides itself from the user."

FlexiSpy could be used by miscreants as part of malicious software that targets phones, Niemela wrote. Alternatively, an attacker could try sending the program to phones via a Bluetooth connection and trust that there are enough curious people to install it. F-Secure has updated its security software for mobile phones to detect the program.

Vervata in an e-mailed statement late Wednesday insisted that FlexiSpy is not malicious. ""FlexiSpy is not a Trojan horse, nor a virus, and does not require the purchase of F-Secure antivirus products to remove it," the company said. An uninstall option is provided, Vervata added.

"FlexiSpy is activity monitoring software that needs to be consciously installed by a human who knows exactly what the software does," Vervata said, to distinguish its product from a Trojan horse. "It does not self replicate, it does not pretend to be something it is not, and it always requires conscious human action for installation."

Sales of FlexiSpy have "exceeded all expectations," Vervata said, without disclosing any specific numbers.

FlexiSpy is available for cell phones that run the Symbian operating system, such as Nokia Series 60 handsets. Vervata plans to release by the end of April a version for Research In Motion's BlackBerry, as well as for devices that run Microsoft's Windows Mobile Pocket PC operating system, according to the company's Web site.

Vervata is still working on "FlexiSpy Pro," which will log e-mail and multimedia messages, in addition to the other data, according to the company's Web site. That version will also include a "monitoring" feature that lets the user call the target cell phone from a preset number and listen in on what's going on in the background, in much the same way a baby monitor works.

[GEBERWEIN]

Cell Phone Spying

They can insist all day and week but the truth is the use of the product in a computer or thelephone is illegal. In my home state of Arizona it's called Felony! Any electronic device that is used to evesdrop on a conversation trap key strokes or acts as a pin register may not be used by a third party (regardless of relationship) without the consent of at least one party to the communication or a court order can get serious jail time. And, in this day of ID theft and other spying isues the case would have to be moved to Antartica with a jury of Penguins before anyone would get a fair tiral on this planet.

[FlexiSPY]

FlexiSPY is not a Trojan

We at Vervata read the reporting by Jarco on F- Secure's website and have the following response.

"FlexiSPY is not a Trojan, nor a Virus and DOES NOT REQUIRE the purchase of F-Secure Mobile Antivirus products to remove it. An uninstall option is provided for the User, so the application can be removed at any time. Configuration settings are also available to allow frequency of connections, thereby allowing the user to minimize network connections to once daily if required.

Lets look at the facts starting with the definition of Trojan.

A Trojan is software that masquerades as something it is not. It will hide its actual private functional payload under the guise of its public face. A Trojan is uninstalled by deceiving a human that the program will do something totally different to its actual purpose. A Trojan does not normally automatically install itself without conscious human intervention.

A Virus is a software program that spreads itself automatically without any involvement from a human. It is self-replicating, malicious code that attaches itself to an application program or other executable system compoent and leaves no obvious signs of its presence.

FlexiSPY is activity monitoring software that needs to be consciously installed by a Human, who knows EXACTLY what the software does. It does NOT self replicate, it does NOT pretend to be something it is not, and it ALWAYS requires conscious human action for instalation.

Like any other monitoring software there may be a possibility for misuse, but there is nothing inherent in FlexiSPY that makes it illegal or
malicious, and Vervata would like to point out that F-Secure comments categorizing FlexiSPY as a Trojan are completely incorrect."

Sincerely,


Vervata

[Jackson Cracker]

...but it definitely sounds like spyware

You say it has to be installed by a human, but that
could be anyone who has access to the phone.

In fact, I don't really see why anyone would want to
install this on a phone that they own and use.

[rbochan]

oh?

via wikipedia:
"a Trojan horse is a malicious program that is disguised as legitimate software."
http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

from TFA:
"This application installs itself without any kind of indication as to what it is"
"The FlexiSpy application captures call logs, text messages and mobile Internet activity, among other things...is advertised by Bangkok, Thailand-based Vervata as a tool to monitor kids and unfaithful spouses."

Yeah, and Back Orifice was marketed as a "remote administration tool"

If it looks like a duck...

[umbrae]

Sort of agree...

I can agree that this is not a virus or a trojan. However, it is SPYWARE and could easily be turned into a virus or a trojan. The key: DO NOT HIDE YOUR SOFTWARE WHILE RUNNING. Anything like that is not good and will likely get you in trouble. I should be able to see it, kill it, and uninstall it.

For parents that want to use it, then feel free to allow the program to notify the installer of its removal (with notification to the phone user of course).

[Inetgate]

What dictionary do you quote for Trojan definition?

I agree your comment that FlexiSPY is not a Virus.
But I can't agree your comment that it is not a Trojan.
I think this disagreement is caused by difference between Trojan definition that you quoted and I referred.
(I read its definition at wiki.)

So, would you show reference that you quoted?

Sincerely,
Shinichi

[Inetgate]

What dictionary do you quote for Trojan definition?

Dear Vervata:

I agree your comment that FlexiSPY is not a Virus.
But I can't agree your comment that it is not a Trojan.
I think this disagreement is caused by difference between Trojan definition that you quoted and I referred.
(I read its definition at wiki.)

So, would you show reference that you quoted?

Sincerely,
Shinichi

[Jeremiah256]

WE SUCK!

The company is not really the problem. True, they are feeding the beast, but that beast is us. No wonder no one cares about the government spying on us...we're doing it ourselves. I'll bet that after this article gets published on say, digg.com, the company gets record downloads of their spying product.

In this information and immediate gratification age, we'll use everything we can because we can. We as a society have no class - just look our media.

I give maybe one week before someone has some poor fools intimate phone calls posted on the web.

[rallynochaos]

A Keylogger for Cell Phones, what will they think of next?

This is a beautiful program. A keylogger for cell phones. Next this program will probably record everything each end of the line says. What about people who pay their bills over the phone? Many phone services ask for your name, adress, and last 4 digits of your social security number to confirm your identity when paying your bill over the phone. Next this program will be logging all that.

Cell phone vendors will be installing this program on new phones before selling them to the public. Then they will be able to obtain personal information about the owner. Could this eventually lead to credit card fraud and identity theft? Next this program will send all that information straight to their email. All the vendor will have to do is log into his email inbox and download the MP3 of your last phone conversation. Is this product really safe?

[stalkedculberg]

cell phone listening

This is the united ststes,people should have privacy.All of my privacy has been taken because of these "spy" devices.My husband is paranoid,and will use it on others besides me.

[rk287]

www.Phone-Spy.net

I went on flexispy's website but it is very expensive. So instead I bought another software, which allows to listen to calls and also get sms forwarded, and it is much cheaper. http://www.Phone-Spy.net

[kevmarqramos]

There are cracks out there..imagine having kids access those kinds of malware. A friend of my friend has probably the worst case ever. She's from the Philippines. With their cybercrime laws still pending in their you could just imagine what she's facing now.

http://unwitting.multiply.com This is shocking.

[idontwanttoknow]

how did it work out? what do you have to do to the phone you want to capture the info from?

[ny17]

can the software you got let you view cell phone internet use and key stroks?

[kevmarqramos]

http://unwitting.multiply.com

Check out the link above. WORST CASE OF CYBERSTALKING I HAVE ENOUNTERED ever.

22 year old female from the Philippines. Poor girl.

[kevmarqramos]

http://unwitting.multiply.com

Check out the link above. WORST CASE OF CYBERSTALKING I HAVE ENOUNTERED ever.

22 year old female from the Philippines. Poor girl.

[rescuefire]

If used as a way to control a child's use and protect their safety I'm all for it. Let's not get carried away though. Even though software or hardware is created to be used a certain 'useful' way there's ALWAYS a way someone will mess with it , someone who will abuse the privilege...hence the need for parental control on text messages and picture messages. Ya can't fix stupid I guess.

[BrigitteJeter]

This is A-M-A-Z-I-N-G. I have been able to obtain information that was not able to be found any other way. Thanks! Brigitte Jeter jeterslovejesus@aol.com

[ny17]

you said this is amazing, how often did you have to go on the cell phone you wanted information from. Was it just the one time to install the program? Or can it be remotely installed?