Tapping, but not my feet - Circuit Magazine

In this article we will look at the rise in phone tapping, the use of Mobile Telephone monitoring software (spyware), its effectiveness as an espionage tool and its cost vs potential rewards.

“People are three times more likely to open a message attachment on a mobile device than they are on a desktop computer because they think it’s safe”

Part of our remit to all of our clients is to educate them and keep them abreast to any new trend or threat, from a rise in theft due to economic turndown to the more targeted corporate crimes such as acts of espionage.

Many companies spend hundreds of thousands of pounds each year on security and IT security to ensure that secrets stay exactly that, secret. If you were to leak one average days’ worth of emails or text messages to your largest competitor, just how much damage might that cause?

Intelligence at what cost?
The use of mobile/cell phone devices and their impact on our lives, communication habit and behaviour is exactly what will define this short period history. According to the Pew Research Internet Project, as of January 2014, 90% of Americans (adults) have a cell phone and 58% own a smartphone (Pew Research, 2014) and this is exactly how the majority of people access business data, communications and emails.

It’s not just a phone anymore, it’s a computer, more powerful than the home computers of the late 1990’s, the Samsung Galaxy S5, for example, has 2GB of Ram and a 2.5GHz Quad-Core processor.

“Smartphones” have totally changed human behaviour. According to one 2012 academic paper by James Roberts, Ph.D., professor of Marketing at Baylor’s Hankamer School of Business, people (on average) check there mobile/cell phone every six minutes during the working day.

Tapping is not a new threat and is being more widely used as an espionage tool due to the huge amount of intelligence that can be gathered with just one well-placed phone. Phone tapping through mobile telephone or Cell phone monitoring software is now very, very widely available and has been a growth sector since the mid 2000’s.

A Google search for “monitoring software for mobile phones” gives hundreds and hundreds of results, it’s only when you start to do some basic research into this software that it becomes very scary. Less than £100 is what you can pay for software to monitor a mobile/cell phone. And, this ‘tapping’ software can monitor ALL user activity on that device, covertly.

Worried yet? Well, they cannot only see all of that information, they can activate the GPS and see your exact location, that plus see and have access to any files on your device this, of course, includes files in the form of email attachments.

There have also been cases of people stealing photographs off mobile devices for blackmail purposes (Sextortion) or for example the theft and release of photos of Scarlett Johansson.

“Some software can block actions such as calls to certain numbers or website access or even wipe the phone remotely. Most people would be totally buggered at this point!”

What is it possible to monitor?
Some phone monitoring software does allow users to record and monitor calls. Generally, most software packages include the following as standard:
• SMS activity
• Ingoing-outgoing call log
• Location/GPS
• Internet browsing activity (URL’s)
• Pictures & Videos
• Emails
• Sim-Card Changes

Some monitoring software offers the user (the person doing the tapping) the option to command the device to take photos, video, audio (background audio and calls), to view the target devices screen or as covered above, to wipe the device. So, this software that is available for under £100 can be used to turn your mobile/cell phone or device into a GSM eavesdropping device, that you are carrying everywhere and regularly charging.

How?
Much of this software is marketed as “parental control software” or “cheating spouse” etc. and is legally sold and marketed as such.

Tapping/monitoring software is installed directly on to your telephone or device normally by having direct access to said phone or device. That said, some companies make claims of offering “remote install” spy/monitoring software. At this present time, I do not think that this is technically possible on some models of phone but it may well be on others.

Installation of software is very, very quick and can be done from start to finish within 5-15mins depending on the software and the device.

After signing up, purchasing the software and installing it, monitoring is normally done by logging on to a server. It really is that simple and is sold mainly as a subscription service.

Is this a viable espionage tool?
100% yes, absolutely! Mobile phone monitoring software, if installed correctly, is a great, cheap, and easy tool for espionage. The most practical way of deployment would be gifting someone with a “new” phone. Installation and testing on a target phone might prove problematic if the phone could only be obtained for a short period unless of course, it went missing was then found an hour or day later – as often happens.

A £100 tapping tool that would enable monitoring of your email, telephone calls and texts, plus any mobile internet access; and people worry about Government monitoring!

BYOD – Bring your own device
One very obvious threat to companies is individuals taking their own devices into the place of work; known as “Bring your own device” (BYOD). BYOD is a huge risk to companies, from employees bringing in and using USB memory sticks to employee-owned devices being used and sanctioned to receive work emails. When it comes to phones infected with monitoring software being introduced into this “controlled” environment, then risks increase especially when we consider file sharing.

“Users are less likely to report a lost device to IT when it’s their own for fear of losing their personal data, along with any company information, when the device is wiped.*”
*(Deloitte CIO Journal, 2014).

Many businesses are well versed in Mobile Device Management (MDM) and there are many programmes and tools that aid in managing the use of BYOD’s across corporate networks. But with many companies and organisations now moving more and more towards “Cloud computing” the mobile device remains a weak link.

It is imperative that IT Managers have an understanding of phone monitoring software and bear this in mind when it comes to managing a BYOD policy. The risks that tapped phones pose should not be underestimated, once they have access to the corporate network or access to corporate data.

Many savvy IT Managers in managing the BYOD issue are setting up “Shadow IT” systems, yet this is no defence to the damage caused by phone monitoring software, in that documents that are shared by the infected device or via sync’d email are going to be accessed and viewable by any “attacker”, i.e. the person or persons that have infected said mobile phone.

Just the simple loss of a phone/device can be catastrophic. US technology giant Symantec Corporation in 2012 conducted a social experiment with 50 “lost” smartphones spread over five North American cities. Prior to the strategic placing of these 50 smartphones, they were all loaded with what Symantec calls “a collection of simulated corporate and personal data”. The smartphones were loaded with tracking and monitoring software to enable monitoring once the devices were found.

The findings were shocking:
• 83% had attempted to access business apps
• 89% had attempted to access personal apps
• 96% had attempted to access at least some type of data
• 50% of finders contacted the owner and offered to help return the phone

The most popular apps accessed were:
• Contacts
• Private Pictures
• Social Networking
• Webmail
• Passwords

The full report titled “The Symantec Smartphone Honey Stick Project” is available online.

Simple advice
1. Never accept a mobile telephone as a gift. Not ever.
2. Never leave your telephone unattended.
3. Never communicate ultra-sensitive information via unencrypted electronic means.
4. Ask your IT department what steps they are taking regarding this issue.
5. If you lose a phone/device that you use for work – report it to IT immediately.

Tell-tale signs of tapping
1. Drain in power. Does the device lose/use more power than normal?
2. Strange activity. Is the device functioning as is should?
3. Rebooting or powering down. Does your device reboot itself?
4. Odd text messages. Coded/scripted text messages?
5. Phone errors? Often spyware will cause errors to the phones operating system.

Is phone tapping/monitoring software invisible?
The simple answer to this is yes, most software it is hidden and invisible from “normal user” activity, in that a normal user would not even know where to start looking for software logs and programmes.

By: Alex Bomberg
If you would like to know more about this threat in more detail then please contact us via
info@international-intelligence.co.uk or
info@international-intelligence.fr

Share17

17 Shares

Leave a Reply Cancel reply

Zelenskiy Denies Ukraine’s Involvement in Alleged Kremlin Drone Attack

Ukrainian President Volodymyr Zelenskiy has refuted Russia’s claims that Ukraine was involved in a drone attack on the Kremlin, which was allegedly aimed at killing Russian President Vladimir Putin. Zelenskiy stated that Ukraine fights and defends its territory, not attacking Putin or Moscow. The Kremlin reported that two drones were used in the attack but were disabled by Russian defenses.

Bodyguard Saves Japanese PM from Pipe Bomb Attack

A bodyguard has been hailed as a hero for his quick-thinking actions during a suspected pipe-bomb attack on Japanese Prime Minister Fumio Kishida. Video footage captured the bodyguard kicking away a metal object as it landed near Kishida
before positioning himself between the Prime Minister and the device, shielding him with a collapsible, handheld ballistics shield.

AlertEnterprise Reveals First-Ever Guardian AI Chatbot Powered by OpenAI ChatGPT

AlertEnterprise has unveiled its first-ever Guardian AI Chatbot powered by OpenAI ChatGPT. The chatbot will make its global debut at the ASIS Europe and ISC West trade events. Built on OpenAI’s GPT-3 platform, the Guardian AI Chatbot aims to provide security operators with instant access to critical physical access and security insights through quick questions and prompts.

COVID-19 and the Executive Protection

As practitioners, our responsibilities are many: protection of the client from physical harm, protection of the client from self-embarrassment, etc. Now, that the restrictions in the post COVID-19 era are starting to be lifted in some areas, Clients, and other high-net-worth individuals will be more aware of the area in which they are located, lodging, and traveling to.

Ways to See the Threat Before it Happens

Threat modelling is widely in use, whether knowingly or not, across every walk of life – and has been used since time immemorial to prioritise security defences. The only difference between the well-known risk assessments carried out by everyone and threat modelling in cyber security is the attempt to document and systemise it. I am hoping that this idea of formal threat modelling will be a useful tool for you to use in your future arsenal of available resources as a CP operator.

Keeping Your Edge: Building a Solid Foundation

Longevity, consistency and remaining relevant are some primary goals of all protectors. These factors are important when establishing a new contract and providing services for a new client. But what is equally important is the mindset that goes into those first days and weeks on the assignment. As such, I wanted to get the personal perspective of Vantrell Wilson, a close protection agent who I have trained with and worked alongside of for years now.

Turning Habitual Habits into a Positive

Being an instructor for Tony Scotti’s Vehicle Dynamics Institute has forwarded the opportunity to observe how a large section of professionals interact and function from different niches of the industry. Military, transnational EP teams, US based teams, Federal LEO’s or with civilians this theme shows through. Even in the larger training arena the change can be seen as more of the schools are starting to focus on classes or blocks of instruction such as client management and behavioral analysis. The discussion forms are flooded with conversations relating to how to work in a team dynamic. It doesn’t matter if its a 28 day school or a three day school, they will be touching on and teaching these topics.

What is Tour Security?

Tour Security is often thought of as a rather niche and unique area of security protection. Using the format of a question and answer session, Miguel DeCoste will venture to answer ‘what is tour security’ and how does it differ from other forms of security provision.

Social Media Policies

Anyone who works for you and has their work title/position linked to your company represents your brand and is responsible for your reputation. They can also be a liability for you and may become the weak link of your company and their online activities are such that your competitors can use it against you.

Buy The Latest Issue

Sign Up For News and Updates

Promoted Event

Latest Podcast Episode

Latest Issue

Issue 66