It is a Monday morning. The alarm goes off. You raise your head and reach over to your phone. Time check, its 5:00am. You are still sleepy. You decide to put on the light but continue lying on the bed, looking up. 10 minutes later, you sit up, do some ‘punching in the air’ and straight away pick the phone up, check your WhatsApp and Facebook updates. Unknown to you, someone is monitoring your activities through an application on your mobile phone.

The issue

Your mobile phone, that gadget you go with everywhere, and has unedited version of what is on your mind to your family, friends, colleagues, and loved ones, could be being accessed by someone who you would not want to know what is going in your private life on your mobile phone.

As a cybercrime investigator, I have seen it all playout. It’s so sophisticated and advanced than most people think and are held hostage by it. Enter some married couples and colleagues at the workplace. If someone is looking at your job with a squinted eye, they will do all it takes to gain an advantage over you. They want to know what is going in your life. They get intelligence of any of your mischiefs and later use it to injure your reputation before your bosses. These people will bug into your phone and get real time live updates of whatever is going on in your life. Because a mobile phone is connected on the telecom masts; and has a unique identity, International Mobile Equipment Identity (IMEI), just press *#060# to check out your IMEI and keep it in a safe place, tracking your phone is easier than you think.

A case in point

In 2011, a lady, in her late 20s. Tall, light skinned and well groomed. She walked into my office on the third Floor then still at Katego Road, Kamwokya with a visibly worried face. She had a police guard in tow. I have been visited by many VIPs. They trust my perimeter security and usually leave their guards at my reception. She came with the guard in my office and the man followed us to the boardroom. I was alarmed.

However unsafe you think you are, you don’t have to be too exposed to your security guard. S/he does not have to listen into your private discussions unless of course, they have signed a non-disclosure and oath of secrecy administered by a legally qualified person to witness it. Any ways, I asked her to ask the Guard to give us some privacy, and jokingly said “I will keep this a business meeting.” If you are an adult, you understand my joke. The guard walked out. And she started:

“My boyfriend knows everything that is going on in my life and he is based in South Africa. I suspect it is this phone. He knows who I called today. I am sure he must be watching us right now. What scared me yesterday. I was at office. I printed a document. And he told asking me why I printed a document. He assured me that he knows everything. He has made me to suspect my colleagues at work. Every 7pm, he will call asking where I am. Even if I deliberately lie, he will correct me and say “that place is called Café Javas in Kamwokya.” He knows who has just sent me an sms and its contents. He knows my discussions on phone. He knows which bank I go to. They told me you are the experts in cyber security, do you think it is on the phone or cameras that are on the satellite that are following me or my friends at office and the security guard? I need answers and assurance.”

Bugging your laptop or mobile device especially iPad or phone is very easy.

The attach vectors

The first stage is to hack into your device and plant an agent or set up a code on your computer or mobile device or phone. Once the code is setup, it can then be remotely controlled to collect any desired information.

The easiest way to install a remote agent or code is to physically access your mobile device, download a spying app and set it. Most apps that do the spying, like https://www.xxxx.com/; and many others, are very powerful (I decided not to give the web addresses of the military grade spying apps used). The DDI one in the hands of an expert can cause real damage as it also attempts to brute force recover the passcode. If the owner of the iPhone is using a code, and not the biometric (face scan in case of iPhone X or thumb scan in case of older versions), then you just download and set up. If you suspect that someone could have hacked into your phone or device, just buy a new phone altogether.

In the corporate setup, it is easier for management to buy for you a new computer or phone. You need to take your new gadget to the experts to examine it through by running forensic checks on the known identities of the signature definitions of known spying apps. The experts can uninstall any unknown application hidden deep in your phone which you would never have got to know about. As times change, the technology is becoming so advanced that phone spy apps are so stealth that nothing changes in your phone unless you do a checksum and test it.

For friends or married people, most of the spy apps are installed during the period of bliss when love is still in the air. A phone with a spy app already set up may be given to the other partner as a birthday gift. Or during interactions, one of the partners may get the phone and install the app unknown by the other partners.

Today with Whatsup, it is so easy to access all the Whatsup chats of the person easily. All one has to do is open the whatsup in their smart phone browser at web.whatsup.com; and then scan the web access code on the partners phone. Once connected, the person will always access the Whatsup messages of the partners phone without knowledge whatsoever.

For a sophisticated hacker, they can make a remote access to the phone via a keylogger. An email, SMS, Whatsup message or skype chat with a link to download or click to read an article or new of interest to the target may be made. Once someone click on the link, a spy app gets installed in the background unknown to the victim. Another way is to recommend a mobile app to be downloaded. You must have seen instances where someone highly recommends a particular app. The truth is, the person has set up the app specifically for you to download and fall prey to his or her prying eyes. You must be very alert and aware otherwise, you may be reading your phone with so many other people.

Note: these are some of the so many cases handled by our investigators. They are unclassified cases with client permission. Only pseudonyms used. If the name referred to is yours, it is purely by coincidence.