Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Mobile spyware raises ethical and legal questions

Flexispy and other companies sell software that can monitor calls and texts on a mobile phone

Article comments

In 2003, Atir Raihan began work on a product that has gone on to gain infamy in the world's security industry. His idea: to build a spyware program for mobile phones that would allow people to catch a cheating spouse.

"I remember eight years ago, having a drink with friends and telling them about my personal situation. It involved infidelity with an old girlfriend," Raihan recalled recently. Wouldn't it be good, he thought, if there was a technology that could help him get to the bottom of it?

Seeing a potential business opportunity, as well as a solution to his relationship dilemma, Raihan and his Thailand-based company, Flexispy, developed a product of the same name that can secretly track calls and texts made to and from a mobile phone.

Flexispy can't be installed remotely, so the user has to get hold of the phone and download the software to the device. Once it's there, the program logs all texts and calls on the device. It can also allow a remote party to listen in on a conversation, and to use the GPS to track a person's location.

Since its release in 2004, similar products have cropped up from companies such as Mobile Spy, which is marketed as a way to spy on children and employees, and MobiStealth, aimed at parents, employees and law enforcement agents.

While the products are used worldwide, they seem to have been doing particularly well in China. About 10,000 users there are being "infected" with Flexispy each month, estimated Zou Shihong, vice president with mobile security firm NetQin.

Within a small monthly sample of the company's Chinese clients, 1,000 users were found to have Flexispy installed on their phones, Zou said. In contrast, the company found about 300 cases in a sample of clients in the US, according to a NetQin chief scientist.

Products like Flexispy raise obvious ethical and legal questions. While simply buying such software is not illegal in most countries, how it is used can put users on the wrong side of the law. Wire-tapping is illegal in most countries without a court order, for example. Tampering with a person's phone might also lead to trouble.

"These products violate privacy," said Zhang Qiyi, a lawyer in China, where the government has tried to ban Flexispy with mixed success.

Once the program is installed, data from the handset is secretly routed to a server operated by Flexispy. The user can log into the server to read messages and check call logs. The software can also activate the phone's microphone, so it can be used as a bugging device to listen in on nearby conversations.

An annual subscription costs between $149 and $349, depending on the features. It is available for most major phone OSes, including Apple's iOS, Google's Android and Nokia's Symbian.

In 2007, a year after it went on sale in China, authorities there stopped one of its distributors from selling the product. The word "Flexispy" has even been blocked from searches on China's popular Sina Weibo social networks.

But Flexispy says numerous websites in China are selling imitations of its software. "In a most amazing case, we found a perfect Chinese clone of our website, selling a cracked version of our product," said Marc Harris, a Flexispy spokesman.

Spyera, a similar product, has also been doing well in China. Chinese users account for 18% of its customers, up from 6% just two years ago, according to the company's owner, Mihat Oger. In contrast, the US accounts for 38% of its customers.

"Our sales increased 17% from 2009 to 2010 and increased 32% from 2010 to 2011," Oger said, adding that much of the growth has been driven by increased smartphone sales.

Flexispy and Spyera said they have taken steps to keep their products legal, such as designing them so they can't be installed remotely. Flexispy warns customers that using its product without the consent of the person being targeted could be illegal, and it highlights what it says are legitimate uses of its product.

"Our marketing is focused on the legitimate uncovering of a cheating partner or the protection of a child's activities on a mobile," Harris said. "However, it is a fact of life that virtually everything can be used illegally. The responsibility is with the user, not the product."

Security vendor F-Secure has labelled Flexispy as malware in the past. Still, while such programs have the potential for misuse, in most cases that have been investigated Flexispy was being used to spy on a spouse rather than something like industrial espionage, said Mikko Hypponen, the chief researcher at F-Secure.

Tyler Shields, a researcher with security firm Veracode, noted that because the data from phones is sent back to a server operated by Flexispy, its usefulness for criminal enterprise is limited. "If I were a malicious hacker, I wouldn't want all the stolen data to be sent to a Flexispy server. For a criminal, it's not as much of a useful tool."

In China, Flexispy and its variants are better known as "XWodi", which translates as "X-Undercover." Online searches reveal a long list of sites claiming to sell Flexispy and similar products. Most of these sites, however, are scams, and selling fake spyware products, said Li Tiejun, an anti-virus engineer with Chinese security vendor Kingsoft.

"Some are real," he said.

The danger of Flexispy being secretly installed on a user's phone, however, is minimal compared with more malicious spyware reaching handsets in China, he said.

Each month, Kingsoft is finding more sophisticated spyware coming out of the country, Li said. In August it discovered a program that comes buried inside an apparently innocuous Android application, and which recorded phone calls and text messages without the user's knowledge. It's unclear why the program was developed. The creators might have been using it to collect data for marketing, which they could then sell to interested parties, Li said.

Several vendors of China's XWodi were contacted for this story, but all declined to be interviewed. Flexispy and Spyera would not reveal their exact sales figures. But aside from catching cheating spouses, the companies say their spyware products are generally used to monitor employees or track the activities of young children, teenagers, and elderly people unable to care for themselves.

Raihan maintained that he never intended his product to be used for illegal purposes. "There's enough business in the legitimate market. There's no need for it to be used in other situations," he said. Raihan later sold his Flexispy business to another company.

Whatever its merits, he is proof that the software can achieve its goal. After helping to build Flexispy, he gave his girlfriend at the time a mobile phone with the software installed on it. "Yes, she was cheating," he said. "I've used it ever since. It really opened my eyes."


Share:

More from Techworld

More relevant IT news

Comments

Kimberly Guest-Hernandez said: Our marketing is focused on the legitimate uncovering of a cheating partner or the protection of a childs activities on a mobile Harris said However it is a fact of life that virtually everything can be used illegally The responsibility is with the user not the productNow I need to refer back to Robert Sicilianos site to be sure but from the research Ive done on this product and others like it its illegal to install any spyware on a phone or a computereven to moniter you children I read a story not too long ago where the husband installed spyware on his wifes computer--he was convicted and did jail timeand they were still married So how is this legal Point being this is being used with the intent to harm every aspect of the targets life I found this post and shared as forensics found this same spyware on my blackberrys It is indeed a very powerful product It ruins lives and the makers know most use for stalking needs Seems to me some kind of security could be kept on the buyers and the makers would be concerned enough to at least try to keep it out of the wrong hands But its all about the money as they will not even disclose yearly figures Its too easy to buy it ruins lives as Ive found many news articles about just so as with products like these are virtually impossiible to convict the losers that use for their stalking needs Well Harris the issue is NOT with the user as much as it is with the makers and your uncontrollable ways to secure and protect the innocent You make that much money with this product then find a way to make dam sure you have something in place that when used unethically you can help our law enforcement agencies catch the sobs doing so To me the people who invent such products and making big bank are people that have no ethics at all I think we should put laws in place to be able to sue the company Harris ya think But sells would drop thenThis is me and my daughter Our lives were ruined by someone very close to us both yet he still walks the streets You think we are the only ones think again I believe you guys should set up a foundation using a percentage of your profits to help regain their lives Now THAT would show true integrityKimberly Guest-HernandezMexia Texas



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *