With the advent of fingerprint and face-scanning technology, we tend to walk around with a misplaced confidence in the security of our mobile devices.

And who can blame us? Companies like Apple and Google spend countless dollars on advertising just how “secure” their devices are. Apple, for example, claims that there is only a 1 in 1,000,000 chance that someone else’s face could unlock your iPhone. On the surface, that sounds very secure, but there are some weak spots that can be exploited. Someone only needs to get access to your phone once to install malware that could compromise your entire life.

 

A Cautionary Tale

One of the best examples of this in years is a very recent story about the chairman of the Brooklyn Music School installing malware and spyware on his ex-wife’s iPhone.

Between June 2012 and October 2014, Crocker Coulson used the spyware he put on his estranged wife’s iPhone to monitor conversations, text messages, locations, and much more. Anne Resnik had absolutely no idea that her husband has compromised her entire life, all by accessing her iPhone without permission.

As it stands, this is immoral enough, but what makes it even more insidious is the amount of money that was at stake. His then-wife is a tobacco heiress, and not a very technological sophisticated one at that. Evidently, Coulson felt entirely confident that he could keep tabs on his wife’s every conversation without exposing himself to scrutiny. The inside knowledge that he received was apparently intended to help when he sued for divorce in 2014.

And Coulson might have gotten away with it too, if it wasn’t for Resnik’s attorney, Raoul Felder, taking a close look at Resnik’s PayPal account. He found a $50 charge for a piece of software called “OwnSpy.” When installed on Resnik’s iPhone, Coulson could use it to activate the iPhone’s mic, allowing him to listen in on private conversations. He also installed a program called “mSpy” that gave him complete access to her emails, texts, location, and much more information.

After being found guilty of violating anti-snooping laws by a Brooklyn federal jury, Coulson was ordered to pay almost $500,000 in compensation. This included $200,000 in compensatory damages, $200,000 in punitive damages, and $41,500 in statutory damages under the Electronic Communications Privacy Act. On top of this, he was ordered to pay $10,000 each to the other victims of the snooping, including Resnik’s mother, sister, and psychiatrist. The previous year, a court found that Coulson’s actions forfeited any claim to his ex-wife’s fortune.

In short, a $50 piece of spyware installed on his wife’s iPhone potentially cost him millions upon millions of dollars.

 

It Could Happen to Anyone

While this is an interesting story with lots of gossipy details, there is an important lesson in there.

Neither Coulson nor his wife were particularly tech-savvy. However, with an easy-to-setup $50 piece of software, he was able to completely compromise her phone’s security. All he would have to do is pick it up after she unlocked it and absentmindedly put it on the counter and BAM, he’s in.

This can happen to ANYONE. All someone needs is the software and a brief period with your unlocked phone to give them access to everything on it. If there are huge amounts of money on the line or corporate data in its flash drive, this can lead to disaster, especially if the hack isn’t promptly (if ever) discovered.

This is one of the reasons why ComSec LLC offers Cell Phone Forensics. It’s a very easy-to-use service: you send us your cell phone and we perform the forensics on your device. Then, we ship your phone back to you, usually within three business days, and email you the analysis report.

What do we do once we have your phone? We run an analysis to detect spyware/malware that may be installed on your device. We also perform a data extraction that is provided to you in a comprehensive .pdf report via email. It’s a thorough and effective service that will tell you if your device is free of malware/spyware, or if your device is compromised. If your device is compromised, the report will indicate the date/time and mode of entry of the spyware/malware onto the device (e.g. text message, email, etc.) You can review the extraction report to determine if there was any unauthorized activity on your device since the compromise.

We use Cellebrite cell phone forensic solutions, the most advanced and most trusted Digital Intelligence solution. Our UFED 4PC uses the trusted UFED technology, to perform extraction, decoding, analysis and reporting of the data on your phone. It works for both legacy and current smartphones, including Androids, Blackberry devices, and Apple devices like iPhones and iPads. And our UFED Physical Analyzer features enhanced decoding capabilities for multiple data types while also performing on-demand searches for viruses, spyware, Trojans, malware, and other malicious payloads.

With this cutting-edge technology at your disposal, you can finally stop wondering if your mobile device is under surveillance!

If you’d like to learn more about our Cell Phone Forensic services, you can read more here. If you’re worried about more invasive home surveillance, we highly suggest you take a look at our Residential TSCM Services to ensure that your privacy will be protected. And if you have any questions about TSCM/Cyber TSCM and how to best protect your business, please feel free to contact us today!

 

About the Author:

JD LeaSure ComSec LLCJ.D. LeaSure, CCISM, is the President / CEO of ComSec LLC, a global provider of world class counterespionage and TSCM / Cyber TSCM™ services. www.ComSecLLc.com