Spyware known as FinFisher is capable of taking control of a number of mobile devices including the iPhone, Bloomberg reports. According to researchers at the University of Toronto, the program can secretly record from a device’s microphone, track its location and even monitor emails, text messages and voice calls. “People are walking around with tools for surveillance in their pockets,” said John Scott-Railton, a doctoral student at the University of California Los Angeles’ Luskin School of Public Affairs. “These are the tools that can be used to turn on your microphone and turn your phone into a tracking device.”
FinFisher was developed by U.K.-based Gamma Group and marketed to law enforcement and government agencies for monitoring computers and mobile devices. The company confirmed on Wednesday, however, that one of its demonstration copies had been stolen.
The malware can target devices running Windows Phone, iOS, Android, BlackBerry and even Symbian. According to Gamma’s FinSpy (the mobile variant) brochure, “When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located.”
A mobile device can be infected with FinSpy by either visiting a Web link and downloading the virus, which would be hidden as something else, or through a text message that appears to be a “system update.” In their study, the researchers noted that the spyware doesn’t appear to take advantage of a vulnerability within the phone or operating system itself.
“We strongly encourage Windows Mobile owners to avoid clicking on or otherwise downloading software or links from unknown sources, including text messages,” Microsoft said.
“BlackBerry smartphones give customers control over what can be installed on the device in addition to prompting users to grant permissions to third-party applications,” a RIM spokesperson told Bloomberg. “We recommend customers only download applications from trusted sources to help protect against potentially malicious software.”