| 3rd April 2006 - F-Secure software recently began blocking
a commercial application called FlexiSpy that bills itself as
the world's first spy software built for mobile phones.
When FlexiSpy software is loaded onto a Symbian mobile phone,
it sends all text messages that are sent and received, as
well as call details, to FlexiSpy servers. Users can log on
to the servers via the Internet to read the messages and view
the call records. The problem, says F-Secure, is that the
phone owner may not know the program has been installed and
can't uninstall it.
"We're convinced that this could be used for malicious
and illegal purposes in so many ways that we made the decision
to flag it as malware," said Mikko Hypponen, F-Secure's
chief research officer.
Difference of Opinion?
Vervata, the Bangkok, Thailand, company that created FlexiSpy,
argues that the product isn't a virus, a Trojan horse, or
malware.
"Like any other monitoring software there may be a possibility
for misuse, but there is nothing inherent in FlexiSpy that
makes it illegal or malicious," a Vervata spokesman wrote
in an e-mail exchange. He said that the software must be consciously
installed by a person, does not self-replicate and doesn't
pretend to be something it's not.
He said that an uninstall option is provided so the user
can uninstall the program at any time but F-Secure found that
the application uninstaller doesn't work.
Hypponen also worried that a user could "beam"
the program via Bluetooth to other nearby users. "If
one in 100 people who received it wonders what it is and clicks
on it, it would install without telling the user what the
program does," he said. Going forward, the person who
sent the program could read that person's text messages online.
"If that's not malicious, I don't know what is,"
Hypponen said.
Some changes to the program could make it more palatable,
he said. For instance, if the installation process clearly
shows that a spy program is being installed, it could be useful
for parents that might want to monitor a child's text messages,
he said.
But using this type of program to spy on another person is
illegal in most parts of the world, he noted. In addition,
he also said that users might be concerned that the text messages
and calling information is being stored on Vervata servers.
F-Secure has contacted Vervata to discuss the program but
hasn't received a response, Hypponen said.
Each page of the FlexiSpy Web site warns visitors that logging
other people's text messages and other phone activity or installing
FlexiSpy on another person's phone without their knowledge
could be illegal. It also says that Vervata assumes no liability
and isn't responsible for misuse or damage caused by FlexiSpy.
Back
to News Reports
|
