Feeds

Espionage app updated for Windows phones

Next destination: Android

Beginner's guide to SSL certificates

A software developer has updated an application that turns smartphones into sophisticated espionage tools that secretly zap contacts, calendar items, and geographic locations to servers of an attacker's choice.

For now, Phone Creeper works only on handsets that run Microsoft's Windows Mobile operating system. But Chetstriker, the creator of the snoop tool and a member of a mobile phone hacking collective known as XDA-Developers, has said a version for Android-based devices is almost finished.

On Friday, he released version 9.5 of Phone Creeper to add FTP features and fix bugs involving GPS.

Phone Creeper is billed as an “espionage suite” that is silently installed by inserting an SD card containing files that are freely available online. It doesn't show up under a phone's installed or running programs, and by default it reinstalls itself if it's removed. It allows snoops to remotely control the device by sending it SMS messages. Available commands, which are silently received and deleted immediately, cause the phone to send call and chat logs (even when deleted), contacts, appointments, and GPS location.

Phone Creep is one of several free apps, including this one, designed to show how easy it is to turn smartphones into remote bugging devices. Indeed, Chetstriker has long maintained that he developed the app “because I could and because it seemed challenging and different and fun.” He doesn't use it to spy on anyone and doesn't condone anyone else doing so, either.

Not everyone is reassured. F-Secure, which provides anti-malware protection for Windows smartphones, recently added detection for Phone Creeper.

“Striker does't seem like a bad guy in our book, but a silently installing espionage suite should be detected by a security suite,” F-Secure's blog explained. “The author's motives aren't as important as what the tool actually does.” ®

Internet Security Threat Report 2014

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.