How to prevent mobile phone spying

BROWSE BY TAG Information Security Threats,   Malware, Viruses, Trojans and Spyware,   Wireless Network Security: Setup and Tools,   Handheld and Mobile Device Security Best Practices,   Enterprise Network Security,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Threats How to get rid of malware, botnets on a hospital IT network Should a national cybersecurity strategy include offensive botnets? How to prevent brute force webmail attacks How can search results lead to malware? What are today's antivirus software trends? How to detect input validation errors and vulnerabilities How to prevent and build protection against online identity theft Can secure USB devices prevent man-in-the middle attacks Is there a spy on my mobile device? When should new browsers be adopted in an enterprise? Malware, Viruses, Trojans and Spyware Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Mini guide: How to remove and prevent Trojans, malware and spyware Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Breach forces payroll service provider PayChoice to shut down again RSA research underscores problem tracking cybercriminals Conficker analysis finds P2P coding limited, less sophisticated Handheld and Mobile Device Security Best Practices Researchers find thousands of flawed embedded devices Best Mobile Data Security Products Should Windows Mobile updates come from Microsoft? MMS messaging spoof hack could have global ramifications Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws How secure are iPhone App Store mobile applications? Is there a spy on my mobile device? Mobile phones win during Pwn2Own contest Latest Apple iPhone features prompt security concerns Handheld and Mobile Device Security Best Practices Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RAT (remote access Trojan)  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

That depends on who you are and who you think might be spying on you.

Your cell phone conversations and wireless activity are not private, and it's important to remember that mobile phone spying is easy, and activity can be easily intercepted by many people. Consider the medium itself -- the air -- a shared one. Once upon a time, when cell networks were analog, eavesdropping on cell phone calls was trivial and vendors sold cell scanners to the public. Nowadays eavesdropping on cell phone calls is illegal, and the transition to digital networks made it much more difficult to convert captured RF to audio. However, telecommunications companies, government and law enforcement have much easier ways to snoop on calls -- as do attackers.

Since the Communications Assistance for Law Enforcement Act (CALEA) was enacted in 1994, telecommunications carriers are required by law to install equipment that facilitates electronic surveillance, so that federal agencies can have real-time access to telephone and Internet communications. The FBI has a sophisticated system called DCSNet that "can let FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans" (Wired Magazine). The NSA has also been provided with full access to all fiber-optic communications at U.S. telephone companies' major interconnection points.

There have been well-publicized reports of law enforcement using cell phones themselves as "roving bugs," remotely activating the microphones and capturing audio from the surrounding vicinity, even when the phone is off (see the 2006 reports on the FBI's monitoring of the Genovese crime family). E911 regulations have facilitated real-time location tracking of cell phone movements, allowing law enforcement to pinpoint the user's location at specific times.

When you're not using your phone, you can ensure it is not used as a "roving bug" or location-tracking device by storing it in an RF-shielding bag. Forensic equipment manufacturers sell RF-shielded mesh pouches for this purpose, and some have even been incorporated into handy phone carriers.

Closer to home, flaws in Bluetooth implementations can easily allow people around you to overhear your conversations or access your phone remotely. Josh Wright has an excellent demonstration of this on YouTube called Eavesdropping on Bluetooth Headsets. Bluetooth devices in "discoverable" mode will provide sensitive information that attackers can leverage to gain access to your device. Bluetooth devices are especially vulnerable while they are in pairing mode, because to facilitate pairing they exchange sensitive data that can be captured and used to reverse-engineer the device's PIN. To reduce your risk of Bluetooth spying, ensure your device is in non-discoverable mode by default, choose a long, complex PIN (if possible), don't accept unexpected connection requests, and only pair your Bluetooth devices in a trusted location (i.e. NOT a crowded stadium or coffee shop).

Finally, mobile devices are vulnerable to viruses, worms and spyware, just like a desktop computer. Until recently, the number of known outbreaks was relatively low. As mobile devices become more powerful, they will also become a more attractive target. While mobile malware isn't necessarily an urgent risk today, it's a trend to monitor going forward.