NetWarden - Tikiwiki : RE: Newly discovered Trojan threatens cell phone privacy

RE: Newly discovered Trojan threatens cell phone privacy

By: NetWarden on: Wed 29 of Nov., 2006 11:12 EST (3020 Reads)

Newly discovered Trojan threatens cell phone privacy

Source: http://www.echannelline.com/canada/story.cfm?item=DLY112606-4 (external link)

26 November, 2006
By Vanessa Ho

(NetWarden has a comment on this after the article)

A Trojan called RexSpy has been created by Wilfried Hafner, CEO of SecurStar GmbH to demonstrate that cell phone conversations as well as SMS messages can be eavesdropped and recorded.

RexSpy uses an undetectable SMS message that is completely invisible to the operating system. The SMS sender can spy on cell phone users at anytime as long as the cell phone is in use. With this Trojan, all SMS message and all conversations can be listened to and the surrounding areas can be monitored via this infected mobile device. In addition, the RexSpy Trojan can access and forward complete address books.

But is this a threat that we should be worried about today?

Perhaps not, answered James Quin, senior research analyst with Info-Tech Research Group.

"Viruses and malware for smart phones, PDAs and regular cell phones are accelerating into the likelihood that we are going see these vulnerabilities occurring in the wild [but] not today," he said.

Quin believed that the biggest potential threat of RexSpy is to corporations' intellectual property.

"If intellectual property is being discussed over [a cell phone] and having a Trojan [on there] that captures and relays that conversation is going to be problematic," he said.

Quin added that data classification and privacy extends beyond the documents and information stored on a computer or server but also to information that is discussed.

The analyst was also a little skeptical about the development of the Trojan by security company SecurStar.

"It's a chicken and an egg thing," Quin said. "Did they develop a solution and try and make a problem to give their solution some validity [or the other way around]?"

The SecurStar solution to combat the RexSpy Trojan is PhoneCrypt, an anti- Trojan tool to protect against any electronic eavesdropping through encryption. This software solution was developed for secure verbal communication for cell phones using Microsoft Windows. A Symbian-based version for pocket PCs and smart phones are in development from SecurStar.

Quin said there is an increasing market for solutions from the likes of SecurStar but doesn't think there is a need to protect against eavesdropping threats with such tools.

"An educated consumer can apply sensible policies to make wise decisions about use of their communication methods and phones rather than buy a tool," he added.

Quin said that it is difficult to say when a Trojan like RexSpy will start moving into the realm of reality as it could be anywhere from a couple of month to tomorrow but doesn't think the Trojan will ever become a serious problem.

"Users need to think about what they talk about and careful where it is discussed. If you are already taking those steps and measures then [Trojans like RexSpy] are not going to be a problem," Quin said.

The analyst added it is important for users to establish a policy so that users don't discuss critical information on an un-secure line like a cell phone.

"That is a wiser course of action for businesses rather than installing a piece of software on [a cell phone]. A technology solution is a band-aid on poor process," Quin said.

1 comment

Style: Sort: Threshold: Search:

By admin on Tue 21 of Oct., 2008 10:49 EDT

Is this a threat that we should be worried about today? YES!

(posted originally on Wed Nov 29, 2006 12:31 pm)

James Quin is full of sh_t if he thinks that this type of mal-ware is not a threat, people will be people and just don't behave like Quin's perfect little world. Just think of the usefulness of mal-ware like that could be to a person who wants to spy on someone. Would you want anyone to access your address book, day planner, text messages, and conversations? The media could spy on news worthy people (a tabloid getting the goods on an actor's/actress's private life) all the way down the line to the teenager getting dirt on someone they don't like at school. Don't forget about spammers!, they would love to get there hooks into your address book and maybe find out your phone habits (what pizza place you call). Actually I'm surprised cyber-criminals haven't got into this yet, what happens if someone develops a Trojan that redirects your call through a 900/long-distance/toll number or uses the above mentioned type of software to steal your identity! (does this sound familiar?) I am not even going to suggest what a cyber terrorist could come up with...

No these so called IT experts really should be more like SecurStar and be more proactive in security and privacy (think like your foe, and act on it before they do). The only thing I agree with Quin is that people should be educated about security/privacy risks and use behaviors that minimize risk. Anti-mal-ware software for any IT devices from servers all the way to the common cell phone should be used along with education and behaviors that promote a secure environment. Digital is digital, the platform/device is irrelevant. Any flow of information through any digital device should have a means of being secured.

A little off topic, however demonstrates a little thought in security could go a long way:

Just think of the internet email, what a mess it is in. If everyone used digitally signed and encrypted email, and email servers only accepted such email, there would be no spam (or at least a lot less of it)!

RE: Newly discovered Trojan threatens cell phone privacy

Is this a threat that we should be worried about today? YES!

Sidebar

Menu

Sidebar

Login