MOBILE SPYING – IS IT PRACTICED IN KENYA?

Mobile phones are used for a variety of purposes, including communication, entertainment and conducting business.

The acceptance and permeation of this technology in Kenya has been unprecedented with over 10 million mobile phone subscribers been registered in the past few years.
No other device in recent history has become more ubiquitous and pervasive as the mobile phone.

The year 2009 proved to be a technological watershed for mobile telephony in Kenya. Various unique developments occurred in the Information Communication Technology (ICT) sector that had a direct bearing on the mobile sub sector.

2009 also saw mobile telephony further embed itself in our social fabric. M-Pesa has entered our everyday lexicon and its run-away success has come to symbolize our increasing dependence on mobile telephony.

The mobile phone has inexorably intertwined itself to our lives as can be attested by Mobile Banking. You can never leave home without a mobile and anyone who doesn’t possess it is disparaged as a simpleton.

Mobile Security
Data security in mobile devices has therefore come into sharp focus due to the rich data hunting ground provided by the increasingly powerful mobile phones we carry around.

Mobiles have evolved into miniature computers with all the attendant functionalities and weaknesses that exist in the computing environment. This is the most important point to grasp if you are to understand how a mobile can be bugged.
Various vulnerabilities exist in the Short Message Service (SMS), Voice and Bluetooth mechanisms of our mobile phones.

SMS
Apart from voice, the most commonly used data application on mobile applications is SMS text messaging. It is reported that over 74% of global mobile phone owners are active users. It is also very lucrative considering that such a high percentage of global mobile phone owners are active SMS users. This makes it a logical starting point for any spy.

Programs exist that can turn your mobile into a bugging device. Short messages are sent using a protocol (rules determining the format and transmission of data) supported by an SMS center (SMSC) which forwards messages sent from a mobile to the destination.

These protocols have flaws which can be exploited to introduce a Trojan horse into your mobile. One such weakness is found in the service SMS.

A spy only requires your mobile phone number and sends off a service SMS. A service SMS is used by phone operators to update software on phones. These updates can vary from routine tweaks to an overhaul of the phone’s internal systems. These service SMS messages are, however, never challenged by the phone to verify whether they are legitimate.

It is therefore easy to pose as a phone operator and send a Trojan virus which never registers in your inbox. You will never hear a sound or see any indication that a Trojan has been installed. The Trojan is then used by the spy to listen to all your mobile phone conversations and read all your SMS text messages. You can Google Rexspy for more details.

Voice
Voice tapping used to be very simple in the days of analog cellular/mobile phones. With a simple radio scanner it was possible to eavesdrop on wireless phone conversations. The switch over to digital technology greatly reduced this vulnerability because digital protocols like GSM were able to use encryption to secure conversations.

It is therefore considerably difficult, but possible, to intercept and eavesdrop on digital cell phone conversations The equipment to do so is quite costly and telecom providers, government intelligence, law enforcement agencies, and some unethical corporations engaged in industrial espionage, tend to be the only ones who have access to such sophisticated equipment.

However there are software products out there that enable call interception which is the ability to secretly listen into a live phone call on the target’s cell phone.

To do this, you simply specify the numbers you are interested in and when any calls to or from these numbers occur on the target's cell phone, the software will send a secret text message to your cell phone. Once you get notified that a call is being made, you then call the target's cell phone, and you will be added to the live call.

The main shortcoming in these products is that there is no way you can install this kind of spy software without getting access to the target phone. So think twice next time you leave your phone at the gate of some embassy, company or government installation. Check out flexispy blogspot for further information.

BlueJacking
Bluetooth wireless communication systems are basic features on mobile phones, computers and other modern electronic gadgets. Bluetooth means that Bluetooth enabled devices can send things like phonebook/address book contacts, pictures & notes to other Bluetooth enabled devices wirelessly over a range of about 10 meters.

The Snarf attack, also called bluesnarfing, is a Bluetooth-enabled hacking technique that allows hackers to access another Bluetooth device without the victim's knowledge. This attack is similar to bluejacking and raises obvious concerns similar to where the spy gains access to the victim’s phone book, missed, received or dialed contacts. It is also possible for the attacker to use the phone’s commands through their own phone.

Conclusion
Our mounting dependence on mobile telephony will in the near future expose us to the risk of mobile spying. It is important to educate yourself on the inherent vulnerabilities that are found in this technology. This is the only way you can mitigate against the mobile telephony risks that we are getting exposed to.