There are a number of cheap, commercially available “Spy Software” programs including FlexiSPY, Spyera, XNSPY, Mobiespion, and The One Spy that can turn any target phone into a listening device. Spyera actively boasts that by making a “hidden call to the target phone” it can listen in on and record “the phones’ surroundings, like a bugging device (conversations in the room, etc),” all without the user’s knowledge. The threat to smart devices is so grave that British Parliament reportedly banned the use of such devices in their meetings.2 Other governments and businesses are quickly following suit. Professionals the world over now recognize that their face-to-face meetings are no more secure than the devices they bring to them.
Third parties can also inject dangerous malware and spyware using compromised emails, apps, text messages, internet links, and WiFi hotspots. Critically, the user will have no way of knowing their device has been tampered with.
Many common smartphone apps (like Facebook and Google+) request permission to access your device’s microphones and cameras. Third parties also publish innocuous-looking apps (fig. 2) that secretly install backdoors to access the internal components of your smartphone and take control of the device to access your data. The backdoors will often remain on a smartphone even after you remove the offending app.
A third party can also infect your smartphone with malware sent through email or websites (fig. 3). Even by opening an attachment or visiting a link, malware can plant a backdoor on your device. In some cases, it can even attack security software directly, or access your contact list and spread itself to other individuals you know.