'Mobile Spy' App May Be Open To Hijacking Attacks

Source: SecurityNewsDaily

The irony is too significant to ignore: A smartphone app that enables customers to spy on others' phones may itself be vulnerable to attackers looking to spy on them.

The surveillance app, called "Mobile Spy," is designed to let its customers monitor information, including text messages, GPS location and call logs, from other phones on which the app is installed. That private info is then uploaded to the app user's account and can be viewed in any Web browser, either on a computer or phone.

Unfortunately for those doing the watching, Mobile Spy contains several security vulnerabilities that allow an attacker to inject malicious code into the target's phone, via SMS message, and hijack their spy session, according to researchers at Vulnerability Lab, who disclosed the flaws.

Because the developers of Mobile Spy say it is available for iPhone, Android, BlackBerry and Windows Phone, the presence of a security glitch makes it a top target for exploitation.

To make things even more confusing, there are at least five separate Android apps in the Google Play store called "Mobile Spy," and none of them seem to be the one that Vulnerability Lab is warning about. Nor is there any app in the iTunes App Store by that name.

The Mobile Spy website states that iPhones must be jailbroken in order to install Mobile Spy, and hints that Android versions will need to be "side-loaded" from a PC. Usage licenses run from $50 for three months to $100 for a full year.

Anyone who jailbreaks an iPhone or sideloads Android apps is running a big security risk. And from the looks of the "Mobile Spy" apps that are in the official Google Play store, you probably shouldn't install them either.

If you're concerned your smartphone or computer is infected with spyware, follow these directions to detect and remove it.