BBC writes smartphone spyware, and Android malware developments

bbc-news-logo

BBC technology correspondent Mark Ward has shown TV viewers today how easy he found it to create spyware that could steal contacts and SMS text messages from a smartphone.

The good news is that the BBC doesn’t appear to have broken any laws (unlike when the BBC Click programme controversially hijacked a botnet of 22,000 computers and told them to each send 500 spam emails).

In this latest broadcast, Mark Ward’s smartphone spyware – which was disguised as a crude noughts-and-crosses game – was not uploaded to an app store, and was only downloaded onto a single handset. In other words, it appears to have been a “laboratory” experiment done as a proof-of-concept.

Of course, it didn’t prove anything that we didn’t already know – but there’s no denying that it will have helped raise awareness amongst some people that care needs to be taken over which applications are run on a smartphone, just as it should be over what programs are installed on a Windows PC or Mac.

Android malware
Coincidentally, today our friends at Kaspersky are reporting on an Android Trojan horse that sends SMS text messages to a premium-rate number.

From the sound of things, the malware is only likely to be a concern to Russian smartphone owners – but we are currently analysing our sample and will be issuing detection as Troj/Fakplay-A.

It appears that the Android malware is very simple, and was specifically made for the Russian market. For instance, when run it displays a message in Russian which says something like “Press OK to access the video <name>”.

The Fakplay Trojan horse wasn’t distributed via the Android Marketplace – meaning that only users who were tempted into installing an unauthorised “Movie Player” app could have been exposed to the risk of infection.