All a sinister person needs to do to spy on you is to simply penetrate your smartphone or tablet.
OF late, spying has been a household word after revelations of
Prism, a clandestine mass electronic surveillance programme operated by
the United States National Security Agency (NSA), by former NSA
contractor Edward Snowden.
But one does not need an entire state programme to spy on someone.
All that a sinister person needs to do is to penetrate their
intended victim’s smartphone or tablet. Which is quite an easy thing to
do, actually. One of the common methods used is spyware.
Such spyware can easily be found by searching on Google although they are usually not free.
There is a possibility that consumers might
download spyware from an identified party or an unknown source
accidentally. - Goh Chee Hoh
This is what happened when a husband in Singapore suspected his wife
of having an affair. On the pretence that his phone was not working, he
borrowed his wife’s phone to make a call but instead installed a
spyware app.
The husband was then able to see the calls made (but not hear the
actual conversation), messages sent and her location at that point, from
a computer using a Web-based application that communicated with the
app.
When the information confirmed that she was having an affair, he
continued to monitor her phone for some time before posting the
information online, including the messages she sent to her “lover”. He
did not reveal any personal details about themselves but this is how the
news became public.
However, many have questioned the authenticity of the story, with
some brushing it off as a publicity stunt to sell the spyware app.
Nevertheless, it pays to be safe, as there are apps that can do such things and they are easily obtainable from the Web.
“Mobile phones are an integral part of consumers’ lives, with two
thirds of adults worldwide reporting that they use a mobile device to
access the Internet,” says David Hall, senior manager of regional
product marketing for Norton at Symantec Corporation.
“As we use our mobile phones in new and innovative ways, we’re also putting sensitive information at risk.”
“Spyware is a type of malware (malicious software) that logs
information and then forwards that information from your device,”
explains Rob Forsyth, director for Asia Pacific at Sophos Ltd.
Usually, such spyware is capable of operating quietly in the
background so it can easily go unnoticed by an unsuspecting device
owner.
“For a regular user, it is very difficult to figure out that they’ve
been infected,” says Goh Su Gim, security advisor for Asia Pacific at
F-Secure (M) Sdn Bhd. “There’s no obvious signs.”
In fact, it may surprise you to know that such threats could actually come from a source that’s known to you.
“There is a possibility that consumers might download spyware from
an identified party such as their spouse, friends, colleagues, business
associates or from an unknown source accidentally,” says Goh Chee Hoh,
managing director for South-East Asia at Trend Micro Inc.
As an example, he describes a mobile phone monitoring service which
uses Nickispy, a family of viruses that attacks Android devices). It is
said to be capable of monitoring a mobile user’s activities and
whereabouts. The Chinese website which offers this service charges
subscribers fees costing US$300 to US$540 (RM900 to RM1,620).
“This spyware sends MMS to the victim’s mobile device. Once the MMS
is downloaded, the cybercriminal is granted access to your line of
communications,” Chee Hoh says.
This security issue is further compounded in cases where a consumer uses the same device for both work and personal purposes.
“From a personal user’s standpoint, one can experience loss of
privacy whereas from a business perspective, an organisation may lose
sensitive data which can lead to loss of revenue,” he explains.
Had such an act been committed in Malaysia, it would go against
Section 231 of the Communications and Multimedia Act 1998. Using an app
to obtain information from another person’s phone can land the offender a
RM50,000 fine or a prison term not exceeding two years if convicted.
The Malaysian Communications and Multimedia commission (MCMC), our
multimedia industry nurturer and regulator, also said that it does not
act alone when pursuing offenders.
“We look at each case individually and help other agencies like the
police, for example, when upholding the law,” said Sheikh Raffie Abd
Rahman, MCMC head of strategic communications.
By SUSANNA KHOO and ZAM KARIM
bytz@thestar.com.my, The Star/Asia News Network
Simple safeguards to keep your devices secure
While the mobile security and
privacy threats remain very real and imminent, the steps to prevent such
problems are really quite straightforward and easy to do.
Following are some practical tips, courtesy of security specialists
Symantec Corporation, Sophos Ltd, Trend Micro Inc and F-Secure (M) Sdn
Bhd, that you should take note of:
1. Use your device’s built-in security features
Configure your security settings so that functions such as location
sharing are disabled and passwords are not saved but need to be manually
keyed in each time.
You can also make your device more secure by activating its lock
function and requiring an identification action such as a fingerprint
scan, keystroke pattern, numeric PIN or alphanumeric password in order
to access the device.
2. Use strong passwords and secure Internet connections
Unique and strong passwords will help prevent valuable information
from being stolen from your device. Using a different password for each
and every app would be best but you would need to ensure that you have a
good way of remembering those passwords if you choose to go this route.
Avoiding open and unsecured Internet connections such as free public
WiFi will also reduce risk of online threats on your mobile device.
3. Never jailbreak or root your device
Use your device as recommended by the manufacturer instead of
modifying the version of the iOS or Android operating system that has
been installed. This is usually done to install pirated games and apps
for free but this makes it easier for spyware to operate on your device.
4. Be cautious when choosing and installing apps
It’s a vast universe out there in the World Wide Web and, at times,
it’s hard to tell the good guys from the bad ones. It therefore pays to
be extra careful when downloading apps from the Internet. If something
is too good to be true, it probably is. Do background checks on
developers if you need to be sure, and scrutinise an app’s ratings and
reviews as well.
It’s also a better idea to download apps directly from the Google
Play Store for Android devices rather than from third party websites
since downloads from some of these sources may contain malware.
Do have a close look at the Terms and Conditions as well as
permissions requested by an app prior to installing it, as you don’t
want to unknowingly allow developers to track and collect personal data
which is unnecessary for running the app.
5. Scrutinise notifications and services running on your device
Stay alert whenever you receive any notification on your device.
Some may contain malicious links or cleverly trick you into submitting
personal information to cybercriminals.
Also, pay special attention to services running in the background on
your device that seem unfamiliar or strange. You will have to refer to
online guides on how to check, as it differs among devices.
The principle of “when in doubt, throw it out” could help save you a great deal of trouble later on.
6. Log out immediately
This is especially crucial for social media apps where the chances
of your data being misused are higher. Make it a habit to log out of
such apps and re-enter login information each time you use them.
7. Stay up-to-date
Take time to pick out a preferred mobile security software and
install it on your device. Make sure to constantly update it, and don’t
forget to check for updates for all your apps and to install any
available patches for your device’s operating system as well. Set up
routine scans for your device, and review the logs each time a scan is
concluded.