Your smartphone may be sharing your secrets. Using "spyware" that sells on the Internet for as little as $15, other people can hijack your phone. This allows them to hear your calls; see your text messages, e-mails, photographs and files; and track your location through constant GPS updates.
Your phone can even be turned into a surreptitious microphone. "When the phone is off — in a pocket, purse or on a table — it can remotely be turned on so conversations around the phone can be heard," says Brenda McGinley, owner of Inc., an Indianapolis security firm.
The world now has about 370 million smartphones, according to ABI Research, an Oyster Bay, N.Y., firm that studies wireless communications. They include BlackBerrys, Androids, iPhones and others that easily accept apps and have ample processing power. Security experts say millions of them may already be infected with spyware; the risk for basic "dumb" cellphones is far less.
Mobile phone spyware is illegal in the United States but is sold by websites operating overseas. With at least 600 variations of the app out there, all it takes is a credit card to make an instant wiretapper. Often that person is a suspicious spouse, an overly protective parent or a jealous coworker. "But it's certainly possible for scammers to use it for identity theft," says McGinley.
There are even websites that sell phones with spyware already installed.
If your phone becomes infected, a text message alerts the spy when you make or receive a call, with no unusual signs on your end.
So is your phone infected? Here are some warning signs:
- Your bill may show texts to unknown phone numbers, often occurring at the same time as legitimate calls. It's at these numbers, surreptitiously dialed by the spyware, that someone is monitoring you.
- The battery is warm when the phone isn't in use, or it dies quickly — this may mean power is being drained by the spyware.
- Your phone flickers when not in use.
Confirming a spyware infection isn't easy. The phone needs to be sent to a lab where experts look for a few lines of identifying programming code. "With the typical smartphone having up to 300,000 lines, it's finding a needle in a haystack," adds McGinley, whose company charges $2,200 for such jobs. The work can take eight days.
The best prevention: Use a handset pass code to lock your phone and prevent anyone else from using it. And never open links in e-mails sent to you by unknown parties.
Says McGinley: "Your best defense is to buy a $20 phone with prepaid minutes for your sensitive conversations."