The stalker in your pocket Mike Elgan / Computerworld For most of a century, azelastin nosey people, azelastin both professional and amateur, azelastin have used microphones and cameras to listen to and watch unsuspecting targets. In recent years, azelastin the miniaturization of electronics has enabled these devices to be hidden.Extreme drops in price have made spy electronics available to anyone, azelastin even creepy stalker types. The only remaining challenge is placement: If anyone wants to capture the juicy tidbits, azelastin they've got to have a microphone or camera in the right place at the right time. Enter the camera phone, azelastin a dream come true for not just spies but a new breed of "cell phone stalkers." Camera phones contain all the necessary ingredients for completely invasive stalking: a microphone, azelastin camera, azelastin personal data on the user, azelastin location information, azelastin a chat and call history -- you name it. And victims carry them everywhere they go. All that's missing is the software that lets stalkers take control. This new software, azelastin called snoopware, azelastin does just that. Azelastin Snoopware -- both legal and illegal -- enables stalkers to secretly seize control of a phone's electronics to listen, azelastin watch and spy on their victims. Welcome to the creepy new world of cell phone stalking. Although cell phone stalking is new, azelastin there's already plenty of bad information, azelastin urban legends and false beliefs about it in circulation. Â I'm going to sort all this out for you, azelastin tell you about what's possible and how to protect yourself (it's easier than you think). Azelastin But first, azelastin let's look at the first and most celebrated case to date of this new world of cell phone stalking. Meet the Kuykendalls I told you in a previous column about a family in Washington state called the Kuykendalls, azelastin who say that a hacker was stalking them through three of their cell phones for more than four months. The stalker seemed to perform unprecedented cell phone superhacks, azelastin according to press reports. For example, azelastin he watched them through their phones' cameras and listened through the microphones. Azelastin When they turned off the phones, azelastin the hacker turned them back on remotely, azelastin seized control of the phones and sent text messages from them. When they got new phones, azelastin the hacking continued. Even scarier, azelastin they received almost daily threats of violence from an anonymous caller, azelastin who seemed to be calling from a family member's own phone, azelastin even when that phone was turned off, azelastin and provided details about what they were doing and even what they were wearing. In addition to the Kuykendalls, azelastin the family's neighbor and Mrs. Azelastin Kuykendall's sister were also harassed by the anonymous caller. Although the mainstream press played up these events as some kind of terrifying superhack, azelastin I think something much more ordinary is going on. The most likely explanation, azelastin based on the limited information publicly available, azelastin is that some malicious script kiddie, azelastin who knows the family personally, azelastin pulled off one or two simple hacks, azelastin then "socially engineered" the family into thinking he'd done something more impressive. For example, azelastin a combination of spoofing one of the family's cell phone's Caller ID, azelastin which is easy to do, azelastin and using that trick to retrieve voice mail, azelastin plus possibly hacking the carrier's Web site to change ringtones and cause other mischief. Azelastin These steps, azelastin combined with old-fashioned spying on the family in person, azelastin could explain nearly all the superhacking claims. Hacked? Yes. Azelastin Disturbing? Very. Azelastin Illegal? Absolutely. But it's a far cry from the picture painted in the press of some unstoppable arch-villain mastermind. Experts interviewed on TV and in the newspapers answer "yes" to the question, azelastin "Is this kind of hack possible?" And, azelastin in fact, azelastin it is possible, azelastin but spectacularly unlikely. To pull off the Kuykendalls' superhack described in the press, azelastin the family would have to repeatedly buy high-end camera phones, azelastin such as Windows Mobile, azelastin BlackBerry or other devices, azelastin leave Java support on, azelastin keep Bluetooth on and in "autodiscovery" mode, azelastin or give the hacker full physical access to the phones to install several snoopware applications. What's possible? Snoopware is on the rise, azelastin mostly because of the increasing sophistication of phones. Azelastin They're like mini-PCs. Azelastin Most snoopware attacks have taken place in Europe and Asia. Azelastin But they're coming to America. Security experts estimate that there are more than 400 types of snoopware (most of them variants of a few major snoopware programs), azelastin and that figure may top 1, azelastin000 by the end of the year. Your typical new snoopware program might enable someone to listen to phone calls and read e-mail and text messages, azelastin or steal contacts and other data. Azelastin Some snoopware can use your phone's microphone to listen, azelastin even when the phone is supposedly "off." Other programs can capture images from a camera phone's camera. Snoopware is the kind of software used by the government to eavesdrop on gangsters and terrorists. But snoopware isn't the only way to stalk via cell phone. Most carriers offer a "skip passcode" feature that lets you turn off voice mail password-checking when you call from your cell phone. Azelastin But because carriers use Caller ID to verify the phone, azelastin cell phones "spoofing" another phone's number can get in, azelastin enabling hackers to access your voice mail and other features without ever knowing the password. Semilegitimate snoopware programs called Mobile Spy from Retina-X Studios and FlexiSpy from Vervata run invisibly and upload text messages and phone logs to an online server. Azelastin They can also upload location information. Azelastin Mobil Spy runs only on Windows Mobile phones, azelastin while FlexiSpy offers versions for Series 60 Nokia phones, azelastin BlackBerry and Windows Mobile phones. Azelastin A Pro version of FlexiSpy enables eavesdropping through cell phone microphones when you call a dedicated phone number. Azelastin A future Pro-X version will let you listen in on calls in progress. The companies target concerned parents, azelastin suspicious spouses and distrustful bosses, azelastin but obviously a malicious hacker could use them for cell phone stalking. Sounds bad. Azelastin But be aware that these programs require physical access to the phone for installation, azelastin and they're easy to detect. Azelastin The security software companies generally consider these applications as malware, azelastin and alert users to their presence. How to beat cell phone stalkers The best cure is prevention. Azelastin Don't allow strangers to gain access to your phone. Like any other kind of software, azelastin snoopware doesn't install itself. Azelastin The leading methods for installation are physical access installation, azelastin where the user installs by clicking on an attachment or link; or via Bluetooth. Azelastin By preventing potential stalkers from touching your phone, azelastin never clicking on e-mail attachments or links from strangers, azelastin and turning off Bluetooth autodiscovery, azelastin you'll keep snoopware off your phone. The fact is, azelastin snoopware hacks are dangerous only if you're unaware of them. Azelastin Once you suspect someone is using your cell phone to spy on you, azelastin it's trivially easy to stop them. Let me count the ways: 1. Azelastin Buy an anti-malware application from vendors like Symantec, azelastin McAfee, azelastin Trend Micro, azelastin F-Secure, azelastin SMobile, azelastin MyMobiSafe and others. Azelastin These products find not just the shadowy, azelastin hacker snoopware programs, azelastin but the legal ones, azelastin too. 2. Azelastin Turn on passwords for voice mail access. Azelastin Do you have to enter a password each time you check voice mail? If not, azelastin your carrier has enabled the "skip passcode" feature. Azelastin A stalker spoofing your Caller ID can check your voice mail, azelastin too. Azelastin But by re-enabling a good password, azelastin it will be much easier to keep your voice mail private. 3. Azelastin Downgrade your cell phone. Azelastin Snoopware works only on the most advanced phones. Azelastin For nontechnical users like the Kuykendalls, azelastin one simple solution is to swap out your high-end phone for a cheaper model that doesn't support Java or Bluetooth and doesn't have a camera. Azelastin This isn't a good solution for gadget fans, azelastin but for families feeling terrorized, azelastin this is a cheap, azelastin fast and easy way to get control. 4. Azelastin Switch carriers. Azelastin There's not much you can do at the handset level to foil a hack of the carrier's Web site. Azelastin If the company can't shut down the hacker, azelastin switch to another carrier. 5. Azelastin Buy an anonymous prepaid phone. Azelastin The last-ditch solution (just before going without a cell phone) is to buy a prepaid phone from 7-Eleven or a similar store. Azelastin This provides not only the benefits of a low-tech cell phone and a new carrier, azelastin but greater anonymity. The cell phone stalker trend is real. Azelastin But simple, azelastin common-sense precautions can protect you and your family from malicious harassment. Link toÂ original article: Â http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027438&source=rss_news10 Mike Elgan writes about technology and global tech culture. Azelastin Contact Mike at firstname.lastname@example.org or his blog, azelastin The Raw Feed.