Espionage app updated for Windows phones
Next destination: Android
A software developer has updated an application that turns smartphones into sophisticated espionage tools that secretly zap contacts, calendar items, and geographic locations to servers of an attacker's choice.
For now, Phone Creeper works only on handsets that run Microsoft's Windows Mobile operating system. But Chetstriker, the creator of the snoop tool and a member of a mobile phone hacking collective known as XDA-Developers, has said a version for Android-based devices is almost finished.
On Friday, he released version 9.5 of Phone Creeper to add FTP features and fix bugs involving GPS.
Phone Creeper is billed as an “espionage suite” that is silently installed by inserting an SD card containing files that are freely available online. It doesn't show up under a phone's installed or running programs, and by default it reinstalls itself if it's removed. It allows snoops to remotely control the device by sending it SMS messages. Available commands, which are silently received and deleted immediately, cause the phone to send call and chat logs (even when deleted), contacts, appointments, and GPS location.
Phone Creep is one of several free apps, including this one, designed to show how easy it is to turn smartphones into remote bugging devices. Indeed, Chetstriker has long maintained that he developed the app “because I could and because it seemed challenging and different and fun.” He doesn't use it to spy on anyone and doesn't condone anyone else doing so, either.
Not everyone is reassured. F-Secure, which provides anti-malware protection for Windows smartphones, recently added detection for Phone Creeper.
“Striker does't seem like a bad guy in our book, but a silently installing espionage suite should be detected by a security suite,” F-Secure's blog explained. “The author's motives aren't as important as what the tool actually does.” ®
XDA Devs is not a hacking collective!
I doubt I'll be the last XDA member to come on here and say this but it is NOT a hacking collective or anything of the sort. It is, as the name suggests, a group of developers but also enthusiasts, fans and pasing visitors who are looking to get the best out of their smartphone. Some of the work revolves around custom firmware but a lot more of it is about new apps, themes, ways of doing things and discussion about new devices or how-to guides.
Please don't go all Daily Mail on us.
What is stupid?
Unfortunately most of the Great Unwashed don't know what "stupid" means. To most people there is just "the computer" and they cannot tell where the boundaries of trust are. They get used to downloading stuff and running it. They get used to installing Adobe viewer to view PDFs when "the computer" tells them to. When "the computer" tells them, to download a codec so they can watch a cute kitten video or pron, then will just do it.
Even the reasonably wary are easily tricked. Easy enough for a useful looking utility (eg. an editor or diff viewer) on a reasonably legit looking site to harbour a trojan.
It's pretty obvious what is dangerous when you're driving a car. If the satnav tells you to drive over a cliff, you'll probably not do it (though some have).
but can you see the market that will use this. How about parents who want to know their children are safe, or maybe who wants to find out if there spouse/fiance isn't in fact that cheating "bitch" your best mate tells you he/she is.