Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Mobile Forensics: Let’s Talk About Cellphone Spyware

June 9, 2022

Frequently, our digital forensic experts get asked about spyware and often it pertains to spyware on a mobile device, such as a cellphone or tablet. Much like a computer, your smartphone can become infected with viruses and malicious programs, including spyware.

What is spyware?

Spyware is a subcategory of malware (malicious software), that gathers information about the device use and the user. This can include items such as browsing history, file downloads, payment information, usernames and passwords, emails and more.

Spyware wants to run surreptitiously, meaning without the user knowing that it is on the device, so that it can gather as much information as possible. It sometimes masquerades as a legitimate program that the user willingly installs.

How does spyware find its way on your devices?

The answer here isn’t terribly simple, in that there are a multitude of ways that spyware can be installed on a system.

  • Phishing & Spoofing
  • Security Vulnerabilities & Software Flaws
  • Misleading Marketing
  • Software Bundles
  • Other Malware
  • Malicious Applications

Spyware can be tricky and performing actions like downloading free software or applications from untrusted sources imposes high risk of downloading some form of malicious program to your system. Additionally, phishing and spoofing are frequently reported on in the wild as methods of propagation.

With phishing, email immediately comes to mind. While email is certainly a popular method when it comes to phishing there are other methods for phishing to take places such as smishing.

Smishing is becoming more popular and is an excellent way for malicious files to be distributed to mobile devices. Smishing is sending what appears to be a legitimate text message from an individual or company but is falsified and usually contains a link where the attackers harvest personal information, such as usernames and passwords. These links however could, when clicked on, start a download of a malicious program.

The cloud, mobile devices, and spyware.

Sensei’s digital forensic experts often get asked about spyware and address concerns about items such as text messages and emails being read, and search history being seen. While spyware can be found on all types of mobile devices, some of the main concerns addressed apply to Apple iPhones. Spyware can certainly find its way on to an iPhone.

Our examiners often find that what is initially construed as spyware is actually a breach of a user’s iCloud account. If an iPhone is being backed up to the iCloud, and the credentials to the iCloud account are known, it is possible for many programs to pull down data from the backups and parse that information, resulting in another party knowing about texts sent and received or websites visited. It is also possible that another party could set up a different device with the same credentials to view data from the parsed backup.

Our experts often work with clients to check their iCloud and Apple ID accounts for unknown devices connected to them. They recommend documenting information about any unknown devices and then using the methods available on the respective websites to remove the device from the account.

The same can be said for Android devices though not as frequently seen by our examiners. If there are backups of data being stored in a cloud storage solution such as Google Drive and the credentials to the associated account have been compromised, then it is possible for someone to access the information stored in that backup.

If the account has been compromised, it is best to do a few things. First, you will want to review devices signed into the account and remove any unknown devices. Then, you will want to reset your account password to something that is secure. It is also recommended to enable either multi-factor or two-step verification on the account so that there is another key needed to login.

How to detect and protect myself from spyware?

This is the tricky part, as spyware doesn’t want to be found. However, there are methods of detecting installed malicious programs on a system. At Sensei, our digital forensic experts have specialized software to aid in the detection of malicious programs.

For mobile devices, there are a number of programs available from security software vendors that can help to prevent and scan a mobile device for malicious programs such as spyware. If there is an exploited security vulnerability or bug, usually an update to the operating system or app is released to fix the issue.

The real way to protect your mobile device from malicious apps is to download apps from a trusted app store and verify applications that you are downloading to your device. Avoid using free and unsecured Wi-Fi and keep your device up-to-date. Watch out for spam calls and fraudulent text messages with links, and report them to the Federal Communications Commission (FCC). Check out how here.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology