I discovered MSpy Spyware on my 3GS. My husband admitted to installing it, but gave me some story about "never thought it was installed correctly, so I never tried to even log in" (translation yes, I put it on there but I never actually spied on you).
Can someone help me prove otherwise? I don't care that he spied - I have nothing to hide from him - what burns me up is how ridiculous his story is, and how right now I have no choice but to believe it. I think if he went through the trouble of getting a pre-paid credit card to purchase the software, then went through the stress of jailbreaking my phone without being caught, then worried with uploading the spyware and concealing it effectively…then there's no way he simply "thought the software didn't load right" and just dropped the whole thing altogether. That's way too much effort for zero payout, right?
I have my phone which is still jailbroken and still has the spyware on it (like I said, I have nothing to hide). I have my desktop computer, which he had to have used to jailbreak my phone and install the spyware. And lastly, I have his iphone, which is a 4G, that I believe he would have used to monitor my activity on.
Would ANY of these devices (or combination thereof) help me gain evidence that he was actively spying on me?
On our desktop, there should have been an email from the spy company, giving him the download info, confirming payment, etc, plus giving him log-in info (to access the data transmitting from my phone). If I could figure out his log in information for the spy-data that would be like hitting the jackpot. There should also be something somewhere in the Apple files that contains everything that happened during the jailbreak and upload of the software to my phone.
On my phone of course, is the spyware, plus whatever files it currently contains that show the history involved with it.
And on his phone I suspect there is history of log-in sessions, reading my activity data, etc. Even the password info he logged in with, which I assume is encrypted.
Can someone help? I've tried Oxygen Forensics, I restored the phone files with a recovery program, and I've tried Lookout on my phone. I've dug through every file I can find, everywhere I know to look, but I haven't come up with anything tangible. The biggest obstacle is that so many files are gibberish, or have a size that indicates it would contain a lot of information but then I pull it up and nothing is there. I have not successfully been able to figure out the right way to pull data and be able to read it. I also suspect there are hidden files that I am not locating. I've done a million google searches trying to learn. It's been 4+ months and I don't know what else to do.
I am hoping someone can help me with this. It would really mean a lot.
Just out of curiosity, you've caught hubby out and despite his denials he has obviously been spying on your phone use, is there really anything to be gained by confirming that?
The only thing I can think of I'm assuming you have already tried, but I would ask hubby for the log in details. If he provides them to you, then you can log in to the web interface and there may be some logs there. If they have been deleted you may be able to email Mspy with his credentials (pretending to be him) and ask for any backup logs they may have retained.
kc555 you found spyware, pre-paid credit card and understand your phone was jailbroken. That is quite a bit of detective work almost on par with an experienced investigator/examiner.
The bit you don't say which is far more useful at this stage is how you knew there was something wrong with your phone in the first place? This is not a trick question but my interest in learning what tell-tale signs (if any) you observed when using the phone.
If this helps, as you are in the US, there is an ex-police officer who has an interest in spyware on phones. Why not give him a call. Here is his website http//
@Adam10541 - Oh boy, I'm afraid I am a can of worms on this one. This is going to be quite a read.
2 years ago I discovered my husband was having an affair with a coworker (for 6 months). First, he denied it, then only admitted to what was undeniable.
I can forgive, but not blindly. I have to know what I'm forgiving - all of the good, the bad and the ugly - before I can grant it. So I spent months foraging through a single backup I had off the phone he carried during the affair (he conveniently upgraded his phone about a week after the affair was discovered then the old phone mysteriously disappeared).
I got into the "affair phone" files with an iphone backup extractor. I sifted through pages of gibberish and recovered bits and pieces of deleted texts. It was helpful, but I know my lack of know-how left rocks un-turned. I utilized google maps to examine places he'd been that were out of the ordinary, I learned about places they had been/things they discussed using his search entries on safari, and using the auto-dictionary his phone kept of phrases, etc, that he was texting during that time. I cross-referenced thousands of texts/calls with her and the times they happened to the texts/calls he placed to me with the google map info, etc., to drum up as complete a picture as I could. You get the idea. I may not be tech-savvy, but I'm persistent and willing to learn. =)
After confronting him with the timeline I had managed through my little forensics party, he did reveal more details about the affair (like admitting it lasted 6 months instead of the 2 he originally claimed), but again, he shared very little beyond what I already knew.
The kicker for me with the entire thing is that he admits there was physical contact, "I love you's" exchanged, etc etc (thousands upon thousands of texts, calls, skypes, meetings, lunches, coffees, even after-hours drinks, etc), but they never actually…well…trying to keep this G-rated here so I'll let you fill in that blank. Hard to believe, right?
So…fast-forward to this past June when I realized HE had put SPYWARE on MY PHONE. (Ummmm….areyoukiddingme? LOL) I didn't say anything to him at first - I just launched another investigation so that I could be prepared for whatever explanation he had for it. When I finally confronted him that's when I got the whole "Yes, I did it but I never actually spied on you" story. Sounds sort of familiar, doesn't it? It walks like a duck and quacks like a duck but it isn't a duck, honey, I promise.
This is why it matters a great deal to me to be able to prove otherwise. I've already had to live with one far-fetched account of deal-breaker behavior due to my limited abilities to prove otherwise (I'd love to be able to manage better forensics on the affair phone files!!), so this second hard-to-believe-story is beyond insulting. On the other hand, suspicion alone does not warrant divorce. My vows and my children mean he gets the benefit of the doubt when doubt exists.
The truth makes the difference between one horrible mistake that's behind us or realizing I'm married to a self-centered liar who isn't going to change.
See - a can of worms. Aren't you glad you asked? =)
@trewmte & Adam10541 - My phone began the odd behavior thing - dropped all contacts, I woke up to it in a perpetual reboot stage one morning (lost contacts again), running hot, draining battery, lighting up for no reason at odd times and very sluggish texts. I thought I just had a janky old iphone that had seen better days.
I was trying to troubleshoot some of those issues and under Settings->About->Diagnostics & Usage, I found a long list of dated entries (crash, lockdownd, low battery, low memory, etc). Under a random "Low Memory" report, lo and behold, it listed the largest process at the time to be "MSpy". Nothing more obvious than that! I have to laugh at their claim to be "undetectable". Really? It took me less than 5 minutes and I don't know a thing about what I'm doing!
I called MSpy and even though they state they do not condone spyware being used without the knowledge of the phone owner, they didn't give a flip that it had happened to me. All they would tell me is that a) you pay online, b) you receive an email with the software download as well as log-in information for your account, c) a phone must be jailbroken to upload the spyware, d) you monitor activity by logging into your account online.
I still wasn't 100% that "MSpy" in the logs meant it was on my phone, bc obviously there weren't any other signs of it. So I brushed up on jailbreaking and figured out how to reverse the code that hides the Cydia app from view. I was floored when it actually worked and I realized my phone really HAD been tampered with.
I started using other tools (Lookout, Oxygen Forensics, etc) to try and figure out what he'd been up to on my phone and for how long. I was able to figure out the code name for MSpy in the files (iphoneInternalService) and I think I am pretty solid on when he did it, but that's as far as I got.
When I confronted him, he said he used a prepaid Visa to buy the software (which already makes no sense bc he has a separate account from our joint account and I can't get into that, so why not use it?). He said when he went to submit payment, it would not process his card because it needed the name/address info attached to the card, and a prepaid card doesn't have that info. He called customer service. The rep took his payment over the phone, and verbally gave him link info by which to access the software (MSpy says the card would have processed just fine, and they do not take payments by phone. Even if they had taken payment over the phone, he would have sent the software and log in instructions to whatever email address he provided…not verbally). He says he then jailbroke my phone and tried to upload the software, but it went into an endless "loading" stage and never gave him any confirmation that the transaction was successful. He cleared it out, tried again, same thing. He panicked, thinking it was taking too long, so he ended the process.
He says he never went back to try again, so he never tried to access any spy-data, thinking there wouldn't be any if the upload was incomplete.
He says he doesn't remember giving an email address, and does not remember getting an email from them. He checked two email accounts in front of me - his work and personal. He let me do searches. Nothing found. MSpy tried to find his account using those two email addresses and found nothing either. Yet he says he did make a purchase and I know it's on my phone. I think he has an alternate email address but it's yet another thing I can't prove.
Finally, I asked him where he expected to view the data coming off of my phone if he didn't have any login info that he knew of. I mean, he was going to put it on my phone and then what? Receive it telepathically? He just says "I don't know".
So this is where I sit - so many files, so much info - I know between my phone, his and our desktop there has to be a way to find what I'm looking for, but I've tried everything I know to try. I'm certain there are hidden files I haven't seen, or effective ways to read files that I don't know about. (For example, none of the MSpy files are anything I can read - and many file sizes indicate there is material to be viewed, but I open them and nothing is there. I can't figure out why that happens.)
Well, this only took all morning. I'm sorry to be so long-winded - it's a very long story. I hope I have not freaked everyone completely out now. =)
kc555 thank you for your detailed response, that was kind of you to take the trouble to reply, particularly as you are dealing with matters personal to you.
kc555, the time and effort you have put in speaks volumes for the type of person you are, and I mean that to be a huge compliment. When everything must be screaming at you that he's lying, you are still trying desperately to prove that he's not to keep the family together. Hands down incredibly courageous. Not to mention that the methodology and procedures you have followed reflect a very thorough and scientific approach. I'm not sure what you do for a living but I suspect you could easily move into LE or some sort of investigative role if you even need a life change :)
For that reason (the fact that your marriage is on the line) I'm hesitant to say too much, I will offer that I was a Police officer for nearly 13 years, so by nature I am a very suspicious person. Maybe take my offerings with a grain of salt as maybe I'm just jaded and cynical by nature :) but his story(s) just don't add up, admit only what can be proven deny everything else……until that can be proven then rinse and repeat.
To get further information from the phone I think using something like iXam, Cellebrite or XRY would be the best option, however they are expensive. Elcomsoft have an iOS tool which may give you something more than the free options you've used, but it's not free.
http//
I've never used it so I can't comment on how good it is, you can buy a 15 day fully functional license for $100 US. Before you buy maybe put the feelers out here to see if anyone has used it before. I've used other Elcomsoft stuff before for password cracking and in general I believe they are quality products, but my exposure is limited.
There is also a chance that this tool won't give you anything more than you've already got, but I suspect you are wanting to look under every stone so $100 may be a cheap investment for you.
Sincerely good luck, if I was in the US I'd happily offer to help.
kc555, first thing let me take my hat off before you. :)
You just put in practice what I believe, that the real traits of a good investigator are something that are there before and outside any specific (digital) forensics education/training.
You accomplished DIY, and undoubtedly in your spare time and with limited resources, what many people would fail to achieve after having got a BSc in computer science/digital forensics.
Set aside the (good) results of your current investigations, what sounds very relevant to me is the apparent lack of motivation.
I mean, you know - more or less - what your husband did, but WHY?
Cui bono?
http//
There are as I see it, two main reasons why a husband would attempt to spy on his spouse:
1. jealousy (suspecting her of having an affair with someone else and suffering from it)
2. (in the specific case) revenge (having been caught if not red handed, at least dark orange handed ;), expecting to find some evidence to retaliate)
In my opinion, more important than knowing the exact extents of the amount of spying that was carried on your phone, it is to understand what drove him to at least attempt doing it.
I mean #1 could be a form of love, #2 is more likely to be a sign that the gap between you two has become too wide to be filled.
This has nothing to do with the actual logs or sessions that you may be able to retrieve, it is all about intention and reasons why.
As a side note, I understand that the software used comes in three "levels": Base, Premium, Business, and has a "time limit", if you get to know the version he bought and for how long he bought it, these data may be part of the scenario.
I mean, if he bought the "basic", he would have got at the most only three months duration and would have had to renew it (and could have been something done "on a whim"), on the other hand, if he got a 12 month subscription of either of the two higher versions, it would probably show a more determinate approach.
jaclaz
Have had a similar experience with spyware installed on a jailbroken iPhone.
The indicators were rapid battery loss, warm handset and large increase in data usage. The data usage is not the best indicator as it is generally only picked up at the end of the monthly billing cycle, unless the victim is analysing their data usage on a more regular basis. The client was not aware that the phone had been jail-broken.
The program had been taking screenshots and sending them via email. These screenshots included all actions taken on the phone. I believe this can be scheduled to occur on a timely basis, for example every 2 minutes.
Physical analysis of the phone revealed the emails. WHOIS revealed the owner of the domain the emails were being sent to.
A physical analysis of the OP's handset and PC may reveal the email address used.
You want to prove that he has logged in to the online account? Best place to do that is going to be via the computer he used to do so, or failing that, by logging into the account yourself.
Internet history and saved passwords are the obvious routes, but given that your husband is technical enough to jailbreak your phone it seems unlikely that he would screw up and leave logs like this, but in my experience people have a tendency to slip up from time to time.
If I were in your shoes my first step would be to image his computers, check the history/saved passwords and try to gain access to the accounts, then potentially use the html of the page to create search terms that could be used to find previous incidences of him logging into the account.
You might get lucky you know, the account may even have logs of when and where people have connected to it.
(Apologies if I've missed any critical facts, I've skimmed a lot of this thread because… TL;DR).
I am impressed with what you've found so far. I think you've established that mSpy was on the phone and running. If you haven't already fixed the phone, I suggest you image it in this state before fixing the phone.
The next step is to turn to the computers. If you think he used the family computer to access mSpy, then get an image of that computer before you go poking around. FTK Imager is free. You'll just need a USB drive large enough to hold the contents of that hard drive. You can also do a fair amount of analysis in FTK Imager. It can see files that Windows normally hides from you.
Finding evidence of this activity won't be easy, but it is possible. Let's assume he used private browsing mode. I don't know if Magnet Forensics will give an individual a demo of their software, but it doesn't hurt to ask. https://