Smartphone Spying Software Attacked by F-secure
The mobile spying tool is being promoted by Mobile Spy for stealthily tracking text messages and calls on a smartphone, which is an excellent way to catch cheating spouse or monitor teens and employees. However, F-Secure also claimed the service is a way of leaking secret information to anyone with Web browser.
The private accounts can be accessed by anyone, as F-Secure claims to have found a way. According to F-Secure, a flawed Website of the company reflects the data of customers using the service on the demo page.
According to F-Secure, the configuration of URLs demonstration seems susceptible. An identifying number within the URL is found in each demonstration. There is a similarity between private and demonstration numbers. Also, it is easier for any user to access any other account as those numbers are sequential.
One of the F-Secure's senior anti-virus researcher, Jarno Niemela claimed that Id numbers are sequential and dissimilar account numbers can be obtained through URL itself, thus helping a user in pulling out service's each message, reported ZDNet Asia on 2nd October 2007.
James Johns, the CEO of retina-X Studios, however, denies any such weakness, although he hadn't made any comment at the F-Secure blog's screenshots which alleged the said weakness, reported ZDNet.co.uk on 1st October 2007.
In an email to The Register, Johns denied the possibility of the data leakage with their server. He also said that a message denying access would be received by anyone trying to use this method. Customer privacy is taken very seriously by Retina-X and all services have been tested to confirm this as not an issue.
After checking the site again, F-Secure's one security researcher told Vnunet that the crisis no longer persists.
A senior researcher at F-Secure, Sean Sullivan, claimed that the company has fixed the problem and also said that a similar response was obtained by FlexiSPY on alerting them to the same problem, and the problem was rectified, reported Vnunet on 3rd October 2007.
Related article: SMARTHOUSE Fall Victim to Plagiarizing Attack
» SPAMfighter News - 12-10-2007