We are asked to detect whether any spy software has been installed on a particular phone, sent to our lab. It is a mobile phone with no physical modification and nothing unusual in the physical appearance.
Based on my research, everything works on software level and the spy software does not show itself in applications. It secretly sends a copy of your messages and your call logs, even allows for interception.
So, is there any way to detect any spy software on a phone in the lab environment?
I would try to dump the memory and boot storage as low level as possible.
I would try to get an identical device, and load software to match, dump memory and boot storage.
Compare the two.
It is tedious but sooner or later you would find the culprit. Like Edison with the stock-ticker…
I would have responded sooner to your query Yunus but you posted a mobile matter in the General Forum as opposed to the Mobile Forensics Forum. Perhaps this might be why you may not have received many responses to your question.
There isn't enough information in your query to offer guidance. Can you give any details about the handset?
Sorry about that, I also posted in the mobile Forensics Forum.
By the way, the handset is a Nokia 6120.
Sorry about that, I also posted in the mobile Forensics Forum.
By the way, the handset is a Nokia 6120.
OK assuming we are dealing with Nokia 6120 Classic
Operating Frequencies
* EGSM 850/900/1800/1900
* WCDMA/HSDPA 850/2100
Connectivity
* Bluetooth version 2.0 (SIM Access, Headset and Handsfree, A2DP profiles)
* Full speed mini USB with mass storage class
* Local synchronization with PC using Nokia PC Suite
Data Transfer
* EDGE/GPRS multi-slot class 32
* Allows off-line mode transfer via Bluetooth – only 1 SIM needed
User interface
*S60 3rd Edition, Feature Pack 1
Other Apps
* Java™ MIDP 2.0
* OTA SW Update (FOTA)
I am not sure whether this should be discussed openly? After all it could be a bit like advising the space invader where the invader's print marks can be detected.
There are lots of people with this type of question, this seems like the best place to discuss it.
You would know as well as any this type of stuff is cat and mouse, I find an exploit, you find out the exploit and fix it, I find another you fix it, or some combination of that.
If you have information regarding that you should consider posting it and helping not only him, but others who haven't posted with the same problem, or material for future searches.
I accept the principle forensicakb.
Perhaps corroboration for attribution might be the place to start. We're told it is a Nokia 6120 and the assumption is it is a Nokia 6120 Classic. What if it is not a Classic but a Nokia 6120? Then that need to be resolved first
* Made in Finland
* Model of 1998
* AMPS/DAMPS (TDMA 800)
* Standard battery 900 mAh, Li-Ion
* Battery life
o standby time up to 200 h in DAMPS, up to 50 h in AMPS
o talk time up to 3 h in DAMPS, up to 110 min in AMPS
* High-contrast graphic display with a backlighting and the resolution of 84 x 48 pixels (up to 5 text lines)
* Memory 199 numbers
* Call register of
o 10 incoming
o 10 outgoing
o 10 missed calls.
* Improved menu in Russian
* Automatic redial
* 36 signal versions (9 ringing tones + 27 melodies) + vibra (in the presence of a special battery)
* Work mode - digital, SMS
* Digital pager
* Built-in 4 games, calendar, calculator, alarm clock, time
* Dimensions 149 x 47 x 30 mm
* Weight 164 g
It is a Nokia 6120 Classic.
Thanks Yunus.
I have just had a call to go and deal with a matter. So I will ask you to do something for me please and that is to send to me an email with the results from the manual examination test. I need to know all (that means everything you see) the information displayed in each of the screens.
You will need to have switched ON the exhibit and then input the following codes. You may have input certain codes on numerous occasions, but as this is being disucssed in the open there is no harm in at least stressing good practice and the need for caution, so as to avoid adding content to the exhibit
*#06#
*#0000#
*#0010#
*#92702689#
To refresh, when you have this info email your findings to me. Do not post it at this site as you have mentioned the 6120 you are examining is an exhibit and we cannot have data from a suspect's handset being broadcast to the world at large. I need to see the info if I am to help you as I may need to discuss some aspects about the data with you that cannot be discussed in the open.
I'll come back to you tomorrow after I get you info.
In the meantime Yunus, you may want to have a look at this weblink
http//
Feature Packed Spy Phone!
This excellent, Nokia 6120C mobile phone has all the features & functions of a normal Nokia 6120C but the modified software allows you to not only call the spy phone and listen in to surrounding sounds but it also has the functionality to allow any text messages sent from the spy phone to be forwarded on to your own mobile!
Furthermore, you can also receive text messages letting you know whenever the holder of the spy phone makes or receives a call and to which number that call was made to or received from!
Obviously all of this takes place without the spy phone registering or alerting the holder in any way - no sent message records etc.
You will need only a GSM SIM card, with some credit, to have this spy phone up and running.
FAQ
Q How do i use this ?
A Give this phone to your target , you have the option to just call it to listen , any texts sent or received will be forward to you ,
Q Can i intercept calls?
A Yes you can as long as your network is capable of confrence calling
Q Will my target know this is a spy phone ?
A there is no way they would know the s/w is completly hidden no i cons ect .
Q Can it be used as a normal phone ?
A Yes it works as a normal phone
Q How do i control it ?
A you remotly control by sending a simple text message to spy phone , once you have set it up you never need to touch phone again .
Q Can i call it from any phone
A If any other number calls phone it will ring as normal , you can change your secret call number at anytime though ( instructions supplied but its dead easy).