Family Stalked Using Cellphone Snoopware

Holy crap, this is scary! A family interviewed on the Today show is being stalked by “hackers” who have taken over their cell phones. The stalkers use the cell phones to record conversations and the play them back to scare the family. They also leave messages saying they are going to rape one of the family members.

Today says the stalkers are using “snoopware” to hijack the phones and take control of them. Sounds like a scary science-fiction movie, doesn’t it? Well, it’s real.

From CNN:

Almost always installed without the user’s knowledge, snoopware can be introduced in a variety of ways – most commonly through short message service (SMS) or multimedia messaging service (MMS) sent between mobile phones. Information taken is transmitted to the user at the other end who triggered the snoopware infiltration for download and perusal.

—MEGHANN MARCO
Beware of cellphone snoops [CNN]
Today [MSNBC]

Comments

Edit Your Comment

  1. aishel says:

    So why doesn’t trading in phones work?

  2. ganzhimself says:

    For a free CRAZY snoopware app, text SNOOP to 94381!

    *Premium text messaging rate of 99 cents applies.

  3. dbeahn says:

    Yeah, these are the same idiot people that open attachments named “ILOVEYOU.EXE”

    I’d love to help the people that this happens to, but I can’t fix stupid :(

  4. Wormfather says:

    @aishel: because if you trade your phone in and give the phone toyour friend (who’s been tapped) and they call you, boom, you’re back in.

  5. djxspike says:

    Thankfully i have Verizon who wont let you install ANYTHING unless it’s made by them… almost as creepy…

  6. Buran says:

    I haven’t gotten a spam SMS in … years. That doesn’t mean no one gets them, but … honestly, I wonder how big a problem it is lately?

  7. sleze69 says:

    @Wormfather: So you’re saying that just getting a call from someone with an infected phone will infect your phone? Sounds kinda far-fetched.

  8. Pelagius says:

    This is why I use a crappy old phone with no camera or polyphonic ringtones or Duke Nukem games any other newfangled whirlimagigs and geegaws that are “hip” the “cool” kids these days.

  9. lestat730 says:

    This is very scary. Since it says the spy program sends the information using the phones internet connection, couldn’t you stop this from happening by canceling your internet feature?

    I’m still not sure how it could even be legal for companies like flexispy to sell software like this. I was pretty sure illegal wiretapping was a felony?

  10. dbeahn says:

    @Wormfather: What, did you read that on http://www.thismustbetruebecauseitwassomethingifoundontheinternet.com ?

    It takes a message with an attachment, or a bluetooth connection to infect a cell phone. A phone call won’t do it.

  11. MercuryPDX says:

    @dbeahn: Seconded. What really kills me is that even after trading in phones they must be repeating “whatever it is” that happens to infect the new phone.

  12. MercuryPDX says:

    From Flexispy Website:
    “Can I install FlexiSPY remotely?
    No. You need to have the phone physically in your hand for about 15 min. Installation is simple. You simply open up a web page on the mobile and enter your code. The download and install beings automatically.

    Tell me more about downloading the software?
    After purchase you receive your software via email, but it is also delivered to your private URL on the internet. This means that you can install the software at anytime by simply entering the URL into the phone to be monitored, as long as the phone has a working GPRS connection.”


    So my guess is that someone is sending them a URL, they open it, it takes them to a site which installs the spyware on the phone.

    They can’t get records to see where the SMS came from? The can’t just NOT click whatever it is?

  13. spanky says:

    The FBI was using some similar kind of remote activation for a mob investigation last year.

    How exactly it worked was speculation, but it was obviously sneaky enough that they were able to trick the mafia. I’ll bet those guys don’t download very many animated wallpapers or whatever.

  14. @dbeahn: That’s great, “can’t fix stupid.” Thank you for adding one more phrase to my arsenal.

    Anyway, as long as we’re all theorizing how this continues to happen, let me share mine. I wouldn’t be the least bit surprised to find out this is family related. It’s probably their cousin/nephew that paints his fingernails black and doesn’t talk. Anytime there’s a family get together, he gets a hold of the new phones and installs the program on them.

    However it’s happening, it’s still pretty damned creepy.

  15. lestat730 says:

    This is pretty scary. Last time I checked I thought wiretapping was a felony? The flexispy.com website says that the user must physically have access to the phone for at least 15 min in order to install their software. I would think that this would allow them to figure out who might have done this without to much trouble? Even more creepy is that the website advertises that their next version will support actually listening to calls in progress!

    Additionally the site says the software requires the cell phone being monitored to have internet access. I would think that canceling your cell phone’s internet feature would effectively end the spying?

    I’m also wondering if the local authorities are doing anything for this family? Hell, the FBI might even be interested in a case like this.

  16. jmuskratt says:

    Assuming arguendo that it’s possible to install software via SMS (thus removing the physical presense requirement), how do the phones get re-infected after the owners switch phones AND numbers?

    It’s a family member, or someone they know.

  17. Wormfather says:

    Perhaps I wasnt clear…if you’re friends phone is infected and they call you, the hackers now have your new number and then they can send you thinks form the host phone.

    /vague

  18. UnStatusTheQuo says:

    Well, at least we know they’ll be ONE third-party app for the iPhone. =)

  19. therethinker says:

    Ironically, I think its the government’s fault.

    I remember hearing that the FBI or something made the wireless companies allow them to do this, in order to catch people. You could assume that if this wasn’t required, snoopware might not work.

  20. Crazytree says:

    @spanky: But the difference is that the FBI likely had the cooperation of the phone mfg, the cellular company, etc.

  21. Steel_Pelican says:

    I agree with some of the other posters- I wouldn’t be at all surprised if this was a family member, or jilted lover.

    There’s no way around it, the software needs to be installed on the phone- this family is somehow getting tricked into installing the software themselves (over and over again), or someone in the house is doing it surreptitiously.

    The news story is what bothers me the most, it assumes that we viewers don’t know anything about cell phones, and explaining what elements of the hardware and software make this possible, they just go for the LOCK UP YOUR DAUGHTERS CELLPHONE HACKERS ARE ON THE LOOSE COLUMBINE 9/11 angle. Just like computer attacks, these sorts of things are preventable and reversible, but only with a good understanding of the technology.

    Instead of educating us about the tech, and teaching us how to protect ourselves, they just make it seem like your Nokia is plotting to rape your teenage daughter.

  22. tkmluv says:

    Wait, Did they say that they can even control your phone when it is off???

    How does that work?

  23. therethinker says:

    @lestat730:

    15 minutes?! Thats not that long, when you think about it. I’ve left my phone around for longer than that.

    And its a teenage daughter. She probably left her phone in an unlocked locker at high school. (No one acutally locks the locks)

    This seems like a common sense case. Don’t post your bank password in a consumerist comment :P

  24. iambeaker says:

    Funniest thing I have ever seen next to the “I’ve got an echo” sketch by Tom Mabe. Saying a phone can be taken over while it is turned off makes no sense whatsoever. In addition to the fact that they claim that people can spy on them using the phone’s camera (which would explain the great tape job on the phone’s camera) is the most absurd thing I have ever heard (and being in the wireless industry, I have heard of some crazy things). Besides, who else would want to know what is inside your pockets anyways, b/c that is where my phone spends the majority of its time. Completely insane and I would bet dollars to doughnuts that the family involved just wants some national attention.

  25. billybastion says:

    is this the super secret big deal video we were promised or did i miss it from another day?

    if its not, way to not live up to your own hype consumerist.

    sigh.

  26. royal72 says:

    once again, i’m so happy cell phones have been expunged from me and my family’s life.

  27. maxwaver says:

    wow, SCARY. I don’t think I need this cameraphone anymore. I’ll stick to my cybershot for pictures. J.k. EFF hackers.

  28. OrtizDupri says:

    Wow. These people are really

  29. mackjaz says:

    @OrtizDupri: Yes, they are.

  30. Lacclolith says:

    I loved the part where the newscaster goes “EVEN… when the PHONE is OFF!”.

    Also, is it just me, or does anyone else feel this was just some free advertising for Symantec?

  31. krztov says:

    nobody is realizing the most important fact, i challenge people to find a non windows mobile/symbian//blackberry phone that allows application installations, from that video, i saw a razr, an lg and some others, none of these have the software capable. esp since providers generally (read: almost always) have application locks on those type of phones.

  32. MercuryPDX says:

    @Krztov: I have a RazrV3 with New AT&T(Cingular(At&T)) service. I was able to install Google maps, Gmail, and quite a few downloaded games on my phone.

    New AT&T(Cingular(At&T) also sells the LG phone seen in the video, which can also download and install the same apps.

  33. zolielo says:

    @therethinker: If the phone can use the internet at all, run 3rd party applications, or be network flash updated it can be taken over. A mic, a gps (non E911), and other features those can generally be taken over.

    If you want to counter this somewhat, change the IP address of the phone to something nonsensical. Hacker can counter that but it should stop scrip kiddies.

  34. Jesse in Japan says:

    Is this the kind of thing that would justify canceling your contract without paying an early termination fee?

  35. tiffany98121 says:

    Oh my, I have been following this the past few days, as this family lives in my area (Seattle). What is really happening is that someone is making a bunch of calls but spoofing the caller ID back to the daughter’s phone number. They are also using one of those text to speech web things to send them messages. Based on the information in the story, her phone was not hacked at all. It’s just dipshit reporters who do not understand technology and like to throw in buzzwords and create a popular story. Your phone cannot have software downloaded to it from an SMS or a phone call. Period. Verizon phones can have software installed remotely, but they would need the cooperation of the phone company, which is probably what happenned with the FBI Mob case.

  36. erica.blog says:

    @Jesse in Japan: Only if your cell phone provider started charging a fee for the new “stalker enhanced” features you got…

  37. @Pelagius: I believe we are in mutual agreement. I have a phone to make calls. Not text message or send email or take pictures or browse the net with.

    I have a computer for 3/4 of those and a camera for pictures. My phone is to make calls. ’nuff said.

  38. snowferret says:

    Okay now i’m REALLY never buying a cellphone!