x Abu Dhabi, UAEMonday 24 July 2017

There's a mole in your pocket

With operating systems capable of complex operations, today's mobile phones are as vulnerable to hacking as our computers.

"Need to silently record SMS text messages, GPS locations and call info of your child or employee?" asks the website of one mobile application developer. "Learn the TRUTH with Mobile Spy, a completely stealth programme! Silently record every SMS and information about each call. See GPS positions every 30 minutes. View results in your secured online account ?" For the jealous boyfriend, anxious parent or hard-working spook, the mobile phone has been the best thing since binoculars. It is a small computer, complete with microphone, that is carried with us everywhere we go.

It knows where we are and who we are talking to, and these days it even knows which websites we visit and what e-mails we receive. And as phones become smarter, the possibilities for snooping continue to improve. With operating systems capable of complex applications and a growing culture of installing programs on a handset, today's phones are as vulnerable to hacking as yesterday's PCs. Malicious software can come in the form of a traditional computer virus, or spyware such as Mobile Spy, which can be used to capture personal information for any number of purposes, legal or not.

One mobile security company says that programs aimed at surveillance and information theft are the most common. "We are seeing a lot of spyware-related infections. Two of the top three infections we see on the BlackBerry are spyware," says Dan Hoffman, the chief technical officer of SMobile, a US company that makes security systems for mobile handsets. "Look at all the different application stores for phones. All these different programs that can be freely downloaded off the internet to different devices. There's no authority overlooking all this, making sure applications, even signed applications coming from reputable sources, don't contain malicious software."

Mr Hoffman has even seen programs that, when installed on a handset, can remotely activate the microphone and act as a listening device. His advice to those thinking about privacy and security is to focus equally on installing a good mobile security system and using a sceptical mind when installing any new mobile applications. "There's a big difference between having security in place, which can be easily done, and stopping people from making mistakes," he says.

Nokia, the world's largest maker of mobile phones, says the riskiest time for possible infection of a handset with malicious code comes when opening messages sent through the Bluetooth wireless system or the Multimedia Messaging Service. Both are highly popular ways of transmitting songs, pictures and video clips in the Middle East, but can contain hidden lines of malicious code. The company advises its users to be cautious when opening messages sent over either system, particularly if they come from an unknown user. It also suggests customers install applications distributed only through a trusted online party, such as its own application store or a trustworthy mobile network operator.

Research in Motion (RIM), the maker of the BlackBerry mobile e-mail device, guarantees the security and integrity of software distributed through AppWorld, its own online application store. Programs can also be loaded to the handsets using desktop computer software, which allows users to install programs from outside the store, and administrators of a BlackBerry Enterprise Solution, which manages large-scale corporate installations of the handsets, can remotely install programs on all the devices they manage.

But the most vulnerable link in the BlackBerry armour is when users are sent a hyperlink through e-mail, text message or chat that downloads software when clicked. This was the way Etisalat's code, described by RIM as "a telecommunications surveillance application" and sent as a software patch, made its way to UAE handsets recently. Because it is difficult to know what lies behind a hyperlink, as even one promising to remove malicious software can actually install it, caution is again advised when clicking.

For those concerned that outside parties may have the ability to monitor e-mail sent from their handsets, those in the know say there is little that can be done to guarantee privacy on what is a fundamentally open, insecure medium. "There is no substantial difference with regards to security on mobile e-mail compared with desktop PC e-mail," said Carsten Brinkschulte, the chief executive of Synchronica, a producer of mobile e-mail systems for network operators and handset makers.

"The vast majority of all e-mails sent and received from PCs is completely unsecured and unencrypted. E-mails travelling from the outbox of your e-mail client to the inbox of the destination are often passed on through a network of servers, hopping from one server to the next - all in unencrypted form. "E-mail in general is not considered to be a highly secure form of communication. If used for very sensitive information, encryption programs need to be used on both the sender's and receiver's side to secure the message."

Mr Brinkschulte, a veteran of the industry, believes that in an ideal world e-mail should never be used to transmit sensitive information unless both parties are using special e-mail security software - and even then, nothing can be taken for granted. "There is no guarantee that these could not be deciphered by third parties or government agencies, some of which have access to tools to break even strong encryption mechanisms," he says.

tgara@thenational.ae