Smartphone Software Makes It Cheaper To Spy From A Distance
ROBERT SIEGEL, HOST:
It has gotten cheaper to spy on people from a distance. That's what a writer for the tech website Motherboard found out. This isn't about looking through walls or eavesdropping next door. It's reading messages and seeing call logs, looking at pictures from anywhere in the globe. One nasty trick is turning on a smartphone's microphone. In this case, the spy and the victims, Motherboard reporter Joseph Cox and a friend, were all in cahoots with the spy in New York opening a mic on Cox's phone in Berlin, where he and the friend were in a bar.
(SOUNDBITE OF ARCHIVED RECORDING)
JOSEPH COX: Do you want another drink?
UNIDENTIFIED WOMAN: Yeah, sure. I'd like - I'm going to have another drink, like a beer or something.
SIEGEL: Well, to tell us about this spyware, we welcome Joseph Cox to the program via Skype. Welcome to the program.
COX: Hey, thanks a lot.
SIEGEL: And walk us through what we just heard. What exactly was happening to enable that recording to be made?
COX: Sure. So I had loaded malware onto the Android device by going to a website, downloading a special app, installing that. I then went to a bar with my friend. My colleague in New York just sent a very specific text message which then activated the microphone and recorded everything around us for about three minutes.
SIEGEL: And how easy was it for you to set all that up?
COX: Incredibly easy. All you need is physical access to the device you want to monitor.
SIEGEL: That was a very good quality recording, by the way.
(SOUNDBITE OF ARCHIVED RECORDING)
COX: What camera did you buy?
UNIDENTIFIED WOMAN: Like, a 4K camera. A system camera.
COX: But, like, where are you going to be using that?
UNIDENTIFIED WOMAN: It's really nice because, like, the resolution is so...
COX: Yeah, but why are you going to put 4K film on a website?
SIEGEL: Were you holding the phone up and passing it between each other, or was it on the bar, or...
COX: We were literally sat in a corner of the bar at a table. The Android device was just on the table in between our drinks. And it picked up our entire conversation as this - and the sort of ambience around us as well.
SIEGEL: Where do you get spyware like that - not that I'm interested in it personally - and how expensive is it?
COX: You can get it pretty much anywhere on the internet. You Google spyware to buy, malware to spy on spouse, you're going to get dozens of websites that'll happily send you a download link in exchange for about $60, $150, $200. It's exceptionally cheap for the power of the malware.
SIEGEL: Who's this being marketed to, this kind of spyware?
COX: Some companies market towards those people who want to spy on their lovers, their wives or their spouses, predominately men, it seems from the marketing. Others push it as a solution for keeping tabs on your children. Or if you're an employer and you want to monitor your staff, that's how they also market it as well.
SIEGEL: How easy is it to figure out that somebody is doing this to your phone?
COX: I mean, you'll probably see suspicious apps. If it's an iPhone it may be jailbroken, which is somebody's installed a new operating system or software on it. Those are both pretty good signs. Or sometimes the attacker will put the software on the phone itself before giving it to the target. So if somebody else is giving you your mobile phone, that's a pretty good indicator as well.
SIEGEL: But it - would it be simple to look at your phone and tell that this has happened? Or would that take a more skilled eye?
COX: You would need to look pretty deep into the phone for a casual user. A forensics examiner would be able to find it with special software or hardware as well.
SIEGEL: If I actually did this to somebody else's phone and then listened in on that person's conversations, am I violating all sorts of laws when I do that?
COX: And it's certainly illegal under U.S. law. The malware itself, buying it, possibly selling it in some context may not be illegal, but using it to intercept communications certainly is a federal offense under U.S. law.
SIEGEL: Well, thanks for talking with us about it.
COX: No worries. Thank you so much.
SIEGEL: Joseph Cox writes for Motherboard, and he spoke to us from Berlin. Motherboard will be exploring spyware further on a podcast called "pluspluspodcast."
(SOUNDBITE OF BOOMBOX SONG, "INDIA") Transcript provided by NPR, Copyright NPR.