by: Sid Kirchheimer|from: AARP Bulletin| January 1, 2011

Your smartphone may be sharing your secrets. Using “spyware” that sells on the Internet for as little as $15, other people can hijack your phone. This allows them to hear your calls; see your text messages, e-mails, photographs and files; and track your location through constant GPS updates.

Your phone can even be turned into a surreptitious microphone. “When the phone is off — in a pocket, purse or on a table — it can remotely be turned on so conversations around the phone can be heard,” says Brenda McGinley, owner of Inc., an Indianapolis security firm.

The world now has about 370 million smartphones, according to ABI Research, an Oyster Bay, N.Y., firm that studies wireless communications. They include BlackBerrys, Androids, iPhones and others that easily accept apps and have ample processing power. Security experts say millions of them may already be infected with spyware; the risk for basic “dumb” cellphones is far less.

Mobile phone spyware is illegal in the United States but is sold by websites operating overseas. With at least 600 variations of the app out there, all it takes is a credit card to make an instant wiretapper. Often that person is a suspicious spouse, an overly protective parent or a jealous coworker. “But it’s certainly possible for scammers to use it for identity theft,” says McGinley.

The spy’s challenge is to install the program in your phone. With some types of software, this is accomplished by getting you to click on an enticing link in a message the spy has sent to your phone. With other types, spies must get their hands on your phone for perhaps 10 minutes. Entering a code to the phone “downloads the spyware with no indication,” says Richard Mislan, a professor of cyber forensics at Purdue University.

There are even websites that sell phones with spyware already installed.

If your phone becomes infected, a text message alerts the spy when you make or receive a call, with no unusual signs on your end.

So is your phone infected? Here are some warning signs:

  • Your bill may show texts to unknown phone numbers, often occurring at the same time as legitimate calls. It’s at these numbers, surreptitiously dialed by the spyware, that someone is monitoring you.
  • The battery is warm when the phone isn’t in use, or it dies quickly — this may mean power is being drained by the spyware.
  • Your phone flickers when not in use.

Confirming a spyware infection isn’t easy. The phone needs to be sent to a lab where experts look for a few lines of identifying programming code. “With the typical smartphone having up to 300,000 lines, it’s finding a needle in a haystack,” adds McGinley, whose company charges $2,200 for such jobs. The work can take eight days.

The best prevention: Use a handset pass code to lock your phone and prevent anyone else from using it. And never open links in e-mails sent to you by unknown parties.

Says McGinley: “Your best defense is to buy a $20 phone with prepaid minutes for your sensitive conversations.”