A new gadget is making it easy for thieves to bypass your lock screen and take control of your phone, a security researcher has claimed.
Spyware – short for “security spyware” – is a “free software application” that gives users the ability to gain access to a smartphone without having to download the app itself, or having their phone stolen.
“Spy” means “security”, so the software is actually an application that uses your smartphone to send you “sends”.
“It’s basically an app that’s able to send out a command to your phone,” said Scott Smith, security researcher at the Cybersecurity Research Lab (CRL), in an interview with Computerworld.
When your phone is locked, the app can send an SMS, or text, or use your camera to make a call, to access your device.
The software is used by criminals to steal personal information, as well as to steal your location, as long as you don’t have your phone unlocked.
Smith said the spyware can be downloaded for free from the App Store or Google Play store, but he added that it’s not available in the UK yet.
If you’re not already familiar with the app, you can download it here, and it’s a free app that can also be installed on your computer, Mac, or iPhone.
This spyware is also called “molecular fingerprinting” because it works on your fingerprints, and is used in other ways to track you, Smith said.
However, the spy tool also has some serious security flaws, according to CRL.
First, if you have an older device or you have a fingerprint scanner that can’t be used with the spy software, it will not recognize it, and will not give you the option to unlock it, Smith explained.
It can also allow you to download files without unlocking the device.
“If the device has no locks, then it’s actually very difficult to actually install the spy app, because you’ll be stuck in a loop where you have to enter the password and then you’re supposed to type in the password again,” Smith said, adding that if the user has a PIN on the device, then that PIN is used to unlock the device instead of the password.
Another weakness is the spy’s ability to trick your phone into sending a command.
“If you turn on fingerprint scanning and then have it scan your fingerprint, it’s like you’re locking yourself out of your device,” Smith explained, adding he’s heard of people being unable to open their phones if they haven’t fingerprint scanned it.
In order to unlock a device, the software will ask you to tap on a screen, but the “spy” app doesn’t do this.
Instead, it sends a command that is delivered by your phone’s camera, which in turn triggers the app to send an image of the user’s fingerprint.
As Smith explained in the CRL’s article, it could be used to steal information about your identity or your location.
Once the image is sent, the user is then able to unlock their phone, and they can download the spy application itself.
Awareness of the software has increased, as security companies have started to investigate it.
“It is being used by thieves to get access to devices,” Smith added.
“If you have this spyware on your phone and it has been downloaded, you’re really not going to get it back unless you unlock your smartphone and then delete it.”
There are also some legitimate reasons for using the spy program.
“This is not malicious software, this is just the default functionality that you use,” Smith told Computerworld, explaining that it can help you with navigation, email, calendar, and other functions.
“There are some legitimate uses, like checking email and sending messages to family and friends, and even finding information on a device to access and change settings,” he said.
“The more legitimate use cases are things like locating missing loved ones.”
Smith is still waiting to find out whether he can see a market for this product.
He said he has received a few offers to buy a device from the CRL, but there has been no response.
CRL has already released an update to the spy that fixes a few security issues.
After that, Smith says he will be contacting his local police force and other people to see if they are interested in buying the spy.
Follow Ben Kew on Twitter at @ben_kew.