Click to Skip Ad
Closing in...

How a smartphone backdoor can be used to spy on absolutely everything you do

Published Dec 19th, 2016 11:39PM EST
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

You’ll have no idea that someone out there is spying on you if it happens, especially if it’s one of several government agencies that have sophisticated digital tools at their disposal. The key to everything we do is buried in that portable computer we carry around all day long. The smartphone collects a treasure trove of information about a user, regardless of operating system, and some of that information could be easily accessible to hackers who know their way around a mobile operating system.

A few days ago, a film student who had his iPhone stolen at some point decided to get revenge. He staged a second theft, but the new device was an Android-powered handset preloaded with spyware that could collect everything the thief would do.

That video went viral on YouTube, showing the world what can be done with simple spyware tools. With a little knowledge, you can turn a smartphone into a powerful spying tool and most users wouldn’t even know it’s happening.

“After my phone got stolen, I quickly realized just how much of my personal information and data the thief had instantly obtained,” Anthony van der Meer said on YouTube “So, I let another phone get stolen. This time my phone was pre-programmed with spyware so I could keep tabs on the thief in order to get to know him.”

Van der Meer chose Android exactly because you have more control over Google’s operating system than iOS. Android lets you install any apps you want, and if you’re good enough, you can install spying apps on the device.

Van der Meer used an app that not only works without the user’s knowledge, but it can’t even be deleted. Of course, if you can’t see it, you don’t know it’s there so it wouldn’t be deleted anyway. But the film student actually made it so that the Android phone in question, a top of the line HTC One, would not be upgradeable to future versions of Android that might inadvertently delete the malicious app.

Once that was done, all he needed to collect data from the thief was an Internet connection.

The student turned spy was then able to collect location data with timestamps and map the life of his subject. He saw all incoming chats and calls, and he could turn on the microphone at will to listen in on actual conversations that took place near the phone. He was even able to snap pictures and videos with the phone’s cameras without the thief suspecting a thing.

“Whenever the phone was in contact with Wi-Fi, I made a backup of all the contacts,” the student explained, “text messages, as well as the photos and videos on the telephone.” He even had access to the apps installed on the handset.

“During the day he hung out in alleyways in the center, coffee shops and in Amsterdam-East,” Van der Meer said. “At night he slept at a homeless shelter or sometimes at a friend’s house. I thought he was a sad and lonely man.”

All that information came off a phone. That’s enough data to profile a user, follow him or her around at all times, and collect and catalog all the data.

If that’s possible using commercial software, imagine what a spy organization such as the NSA can do. The Snowden leaks have proven that spy agencies are interested in tapping into smartphones, and they have created tools that can hack and remotely access mobile devices.

Even after the thief ditched van der Meer’s phone, or sold it to someone else, the spyware-loaded device would still transmit data to its rightful owner as soon as it connected to the internet — in fact it popped back online seven months after going dark.

Sure, the Android savvy crowd will immediately point out that they could detect such an intrusion. Battery performance, overall phone performance, and even data overages on one’s phone bill are signs that something’s wrong with the phone.

But most people who use smartphones are not that savvy. And that’s why malware creators come up with novel ways to target unsuspecting users. They might not be interested in tapping into your messages, but using undetectable malware, hackers could still use your phone to net them a profit, such as opening pages, making Google Play purchases, or making calls to premium numbers.

Is the same thing possible on iPhone or Windows? Most likely, as long as someone installs a backdoor on those devices that would cleverly hide the malware and allow remote access to the device. But on iPhone, it’s nowhere near as easy to pull off as it is on Android.

Van der Meer’s Find My Phone film is a great documentary. But it also reminds us why security is of utmost importance whether we’re talking about hardware or software. If you still haven’t seen the video, check it out in full below.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2007. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming new movies and TV shows, or training to run his next marathon.