Asking the question “is my phone hacked?” isn’t so crazy anymore. The market for covert mobile phone monitoring applications is rapidly growing and recent advancements in spy software capabilities are astonishing. Spy software can be easily installed on your cell phone and it is meant to be undetectable. Even digital forensic investigators have difficulty detecting the presence of surveillance software and other malicious programs. Mobile spy software can transmit your call history, text messages, emails, chat conversations, pictures and GPS location to the person monitoring your phone or tablet. In many cases they can, without your knowledge, intercept your in-progress phone calls or even activate the device microphone to eavesdrop on you while your phone is sitting on your desk or in your pocket.
Not only are most cell phone spy apps quick and easy to install, they are designed to be covert and undetectable by the victim. The vendors program the applications so that they run as hidden or background processes and, if you were able to see the program name or installation folder, it would appear as something benign such as “gps_service”.
SPY APP RESEARCH
Binary Intelligence has developed a comprehensive approach to the detection and identification of mobile spy programs which is based on ongoing research efforts. Our investigators actively install commercially available spy programs on test devices and then perform a low-level forensic autopsy to determine exactly how each surveillance application installs and what artifacts it leaves behind. This allows us to formulate reliable detection strategies based on indicators of compromise (IOCs) derived from our research. Our process is so thorough that we are often able to identify evidence of previous spyware installations long after the program has been uninstalled or the target device has been reset.
SPY APP ANALYSIS
Binary Intelligence does not rely solely on commercial file-level signature scanning programs — which only detect limited/older threats. We employ a thorough 5-step analysis process in which we focus on the following areas:
- Privilege escalation
- Malware signature scan
- Targeted keyword/string search of active files and unallocated space
- Application database review
- File-system/executable program review
A report detailing the results of each step is issued upon completion of the forensic examination. When spyware installations are detected, we can then undertake additional analysis in order to attempt identification of the responsible parties or isolate the unique installation “key” for potential legal follow-up.