Spy program snoops on cell phones

Software hides itself on phones to secretly capture data, leading one security company to label it a Trojan horse.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
New software that hides on cell phones and captures call logs and text messages is being sold as a way to monitor kids and spouses. But one security company calls it a Trojan horse.

The FlexiSpy application captures call logs, text messages and mobile Internet activity, among other things. The software, released at the beginning of March, sells for $49.95 and is advertised by Bangkok, Thailand-based Vervata as a tool to monitor kids and unfaithful spouses. The data captured is sent to Vervata's servers and is accessible to customers via a special Web site.

Similar surveillance software for PCs already exists and has raised the ire of groups fighting domestic violence, who fear it may be used by abusive spouses.

FlexiSpy has attracted a different kind of criticism from security company F-Secure, which has labeled the software a Trojan, or a malicious program that disguises itself as something innocuous.

"This application installs itself without any kind of indication as to what it is," Jarno Niemela wrote on the Finnish antivirus maker's corporate blog Wednesday. "And when it is installed on the phone, it completely hides itself from the user."

FlexiSpy could be used by miscreants as part of malicious software that targets phones, Niemela wrote. Alternatively, an attacker could try sending the program to phones via a Bluetooth connection and trust that there are enough curious people to install it. F-Secure has updated its security software for mobile phones to detect the program.

Vervata in an e-mailed statement late Wednesday insisted that FlexiSpy is not malicious. ""FlexiSpy is not a Trojan horse, nor a virus, and does not require the purchase of F-Secure antivirus products to remove it," the company said. An uninstall option is provided, Vervata added.

"FlexiSpy is activity monitoring software that needs to be consciously installed by a human who knows exactly what the software does," Vervata said, to distinguish its product from a Trojan horse. "It does not self replicate, it does not pretend to be something it is not, and it always requires conscious human action for installation."

Sales of FlexiSpy have "exceeded all expectations," Vervata said, without disclosing any specific numbers.

FlexiSpy is available for cell phones that run the Symbian operating system, such as Nokia Series 60 handsets. Vervata plans to release by the end of April a version for Research In Motion's BlackBerry, as well as for devices that run Microsoft's Windows Mobile Pocket PC operating system, according to the company's Web site.

Vervata is still working on "FlexiSpy Pro," which will log e-mail and multimedia messages, in addition to the other data, according to the company's Web site. That version will also include a "monitoring" feature that lets the user call the target cell phone from a preset number and listen in on what's going on in the background, in much the same way a baby monitor works.