Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Mobile spyware raises ethical, legal questions

Michael Kan | Dec. 1, 2011
In 2003, Atir Raihan began work on a product that has gone on to gain infamy in the world's security industry.

An annual subscription costs between US$149 and $349, depending on the features. It is available for most major phone OSes, including Apple's iOS, Google's Android and Nokia's Symbian.

In 2007, a year after it went on sale in China, authorities there stopped one of its distributors from selling the product. The word "Flexispy" has even been blocked from searches on China's popular Sina Weibo social networks.

But Flexispy says numerous websites in China are selling imitations of its software. "In a most amazing case, we found a perfect Chinese clone of our website, selling a cracked version of our product," said Marc Harris, a Flexispy spokesman.

Spyera, a similar product, has also been doing well in China. Chinese users account for 18 percent of its customers, up from 6 percent just two years ago, according to the company's owner, Mihat Oger. In contrast, the U.S. accounts for 38 percent of its customers.

"Our sales increased 17 percent from 2009 to 2010 and increased 32 percent from 2010 to 2011," Oger said, adding that much of the growth has been driven by increased smartphone sales.

Flexispy and Spyera said they have taken steps to keep their products legal, such as designing them so they can't be installed remotely. Flexispy warns customers that using its product without the consent of the person being targeted could be illegal, and it highlights what it says are legitimate uses of its product.

"Our marketing is focused on the legitimate uncovering of a cheating partner or the protection of a child's activities on a mobile," Harris said. "However, it is a fact of life that virtually everything can be used illegally. ... The responsibility is with the user, not the product."

Security vendor F-Secure has labelled Flexispy as malware in the past. Still, while such programs have the potential for misuse, in most cases that have been investigated Flexispy was being used to spy on a spouse rather than something like industrial espionage, said Mikko Hypponen, the chief researcher at F-Secure.

Tyler Shields, a researcher with security firm Veracode, noted that because the data from phones is sent back to a server operated by Flexispy, its usefulness for criminal enterprise is limited. "If I were a malicious hacker, I wouldn't want all the stolen data to be sent to a Flexispy server. For a criminal, it's not as much of a useful tool."

In China, Flexispy and its variants are better known as "XWodi", which translates as "X-Undercover." Online searches reveal a long list of sites claiming to sell Flexispy and similar products. Most of these sites, however, are scams, and selling fake spyware products, said Li Tiejun, an anti-virus engineer with Chinese security vendor Kingsoft.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.