FinSpy brings platform neutral spyware to smartphones

Despite repeated warnings from security experts, mobile devices have been the victims of relatively few malware attacks so far. That could be about to change, though, thanks to spyware designed by Gamma Group, and boy, is it scary.

According to Bloomberg, Gamma Group is marketing FinSpy Mobile, part of their larger FinFisher product line, towards law enforcement, but it reveals some serious security flaws in our smartphones. FinSpy can essentially take all of the power your smartphone has to offer and turn it against you, recording everything from your emails and phone calls to your photos and audio clips. It can even record video and audio without the user even knowing it.

Mobile malware can be even more dangerous than the infections you’ve seen on your PC, since it makes it possible for criminals (or your local dictator) to track your every move. FinSpy Mobile seems to offer a lot of the same features as its bigger brother, FinFisher, which essentially offers all of your favorite spyware functions in one convenient package, including keylogging and recording Skype and webcam conversations. As bad as watching you enjoy pr0n through your webcam sounds, it’s got nothing on this stuff.

For their part, Gamma is mum on the subject. “I can confirm that Gamma supplies a piece of mobile intrusion software – FinSpy Mobile,” Managing Director Martin J. Muench told Bloomberg. “I certainly don’t intend to discuss how or on what platforms it works. I do not wish to inform criminals of how any of our detection systems are used against them.”

That’s all well and good so long as it’s only being used for legitimate purposes, but we already know that it doesn’t work that way – Bahrain has been using black market versions of the software against anti-government activists. We somehow doubt that they’re the only ones capable of using it for less savory purposes.

What’s really disturbing is that FinSpy Mobile is being deployed on just about every mobile platform in use today. Security experts have determined, in part thanks to a brochure released by WikiLeaks, that it can target Windows Mobile (we assume that this means Windows Phone), iOS, BlackBerry, Symbian, and Android. All it takes to install FinSpy is clicking on a link that might appear via text message, encouraging the user to download an update.

Microsoft responded to Bloomberg’s concerns about FinSpy with this statement:

We strongly encourage Windows Mobile owners to avoid clicking on or otherwise downloading software or links from unknown sources, including text messages.

That’s pretty standard stuff, but since we already know that SMS in particular is susceptible to spoofing, it’s good to keep it in mind. Nokia’s statement, on the other hand, raises another question: how does FinSpy get around the usual restrictions on app installations on Windows Phone and other platforms?

Nokia said that since a user would have to actively accept the installation, it shouldn’t be a problem. We’re not sure how exactly FinSpy is able to get around a walled garden like the iPhone’s, if it indeed works as well as is claimed. Unsurprisingly, Apple didn’t offer a comment.

In the meantime, be a little more careful next time you think about opening a link someone sends you, and use common sense. Your smartphone is still a computer, and no matter how secure it might be, it’s not beyond the reach of hackers, legitimate or otherwise.

Source: Bloomberg
Radar Eye image by Shutterstock

12 Comments

Am I the only one who likes these spy programs? I love being spied on and being part of bot nets gives me this sexy feeling of excitement.

This is probably the one time I'll ever say this, but this is one good thing that comes out of Apple having a walled garden approach. Unless you jailbreak, at least you know your installations are coming straight from the app store, so Apple's looked at them first.

mitcho1989 said,
This is probably the one time I'll ever say this, but this is one good thing that comes out of Apple having a walled garden approach. Unless you jailbreak, at least you know your installations are coming straight from the app store, so Apple's looked at them first.

Hmmm I wonder who else is like that? Oh yeah, Windows Phone

mitcho1989 said,
This is probably the one time I'll ever say this, but this is one good thing that comes out of Apple having a walled garden approach. Unless you jailbreak, at least you know your installations are coming straight from the app store, so Apple's looked at them first.

What's to say Apple hasn't provided them with the source code?

mitcho1989 said,
This is probably the one time I'll ever say this, but this is one good thing that comes out of Apple having a walled garden approach. Unless you jailbreak, at least you know your installations are coming straight from the app store, so Apple's looked at them first.

Interesting you say that. Doesn't the article state that this somehow circumvents the walled garden? Why yes, yes it does.

For those that use Apple products: enjoy your pseudo security.

Someone needs to make an Anti-FinSpy app to keep watch for it and perhaps other things like this, not really as intensive as an AV.

sava700 said,
Someone needs to make an Anti-FinSpy app to keep watch for it and perhaps other things like this, not really as intensive as an AV.

Yupp, their stuff is scary to say the least.

Stuff like that should be illegal.
Simple as that.

GS:mac

Don't just assume he means Windows Phone, he said "Windows Mobile".
It all comes back to the User, and a degree of stupidity.