Advanced Mobile Threats 101: Spyware

Published April 6, 2022

Spyware (spying software) is a type of smartphone malware that is secretly installed on a targeted device to silently observe and gather information on an individual and/or their organization. Spyware capabilities vary but generally allow the operator to activate the device’s cameras and microphones, track the phone’s location, access information stored on the device and read text and email communications.

How does spyware work?

Advanced mobile spyware is most often developed by well-funded entities like commercial surveillance vendors and nation-state actors. Spyware makers look for vulnerabilities in code, focusing largely on apps for messaging and web browsing. Typically, a number of exploits are chained together, each providing a hook into the system that can be leveraged for greater access. The ultimate goal is to achieve full control over the targeted phone.

To remotely install spyware on the target’s smartphone, a threat actor may use social engineering (e.g., sending a text message containing a link that exploits vulnerabilities in the target’s browser) or a zero-click attack, which doesn’t require any interaction from the target. An attacker in geographic proximity to the target can also employ an IMSI catcher (fake cell tower) capable of delivering spyware to the phone.

Once installed, the spyware can harvest any data from the device and transmit it back to the attacker. In the case of the infamous Pegasus spyware, access is granted to SMS messages, emails, browsing history, WhatsApp chats, photos and videos, GPS data, calendars and contacts, and operators can also activate the phone’s microphones and cameras and record calls.

What are the key risks of spyware?

The risks of spyware vary based on the individual being tracked and the organization doing the spying. Some key risks are highlighted below.

  • Mobile espionage: The threat actor can sift through the trove of collected intelligence to perform mobile espionage in the hopes of finding valuable nuggets of information (like trade secrets) or simply additional pieces that can add to a greater understanding of the individual and/or their organization.

  • Phone tracking: The attacker can also conduct phone tracking, which can shed light on the target’s key locations, routines, preferences, associations and more.

  • Actionable information: Beyond elevating the attacker’s understanding, the captured information can be leveraged in a number of ways, including harassment, blackmail, public attacks and even further attacks.

How can Privoro help you protect yourself from spyware?

Software-based security is generally overmatched in the battle against advanced spyware. As such, we recommend that users act as if their smartphone has already been compromised. This means limiting the data ultimately available to spies. We recommend using SafeCase – our smartphone-coupled security device – to deny audio and video capture. And in instances where location privacy is warranted, we recommend using Vault, our two-in-one RF shielding and audio masking device.
