Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Trojan Records Phone Calls

Posted by timothy on from the goodnight-snookums-wookums dept.

jbrodkin writes "A new Android Trojan is capable of recording phone conversations, according to a CA security researcher. While a previous Trojan found by CA logged the details of incoming and outgoing phone calls and the call duration, new malware identified this week records the actual phone conversations in AMR format and stores the recordings on the device's SD card. The malware also 'drops a 'configuration' file that contains key information about the remote server and the parameters,' CA security researcher Dinesh Venkatesan writes, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker. Installation of the Trojan requires some user interaction, but the malware recreates the look and feel of the standard Android application installation process, and may fool some unsuspecting users."

46 of 74 comments (clear)

  1. Recording should be a basic function... ? by acidradio · · Score: 5, Insightful

    So I have to rootkit my own phone in order to record anything but this trojan can just record everything on its own? What a scam! I'm glad it takes a virus writer to extract what I consider to be a basic functionality out of my phone.

    1. Re:Recording should be a basic function... ? by The+Optimizer · · Score: 3, Interesting

      I was under the impression that there were no public APIs for getting at the audio data from the call in progress,specifically to keep people from making apps that could record calls due to legality issues (wiretapping, etc, depending on your location and jurisdiction).

      The "recorder" programs that are out there recording directly from the mic, and are usually not able to pick up the output from the speaker (and if they do, it's usually very faint). iPhones / iOS lack the capability for the same reasons.

      I think a lot of people would find it very useful, for a number of various reasons, to have the ability to have their calls automatically recorded, with metadata of who, when, etc, stored in .WAV or other easily playable format, and automatically synced with their PC.

    2. Re:Recording should be a basic function... ? by Kenja · · Score: 1

      The issue would seem to be a legal one. It is illegal in many US states to record a phone call unless both parties agree to it before hand. My understanding is that Google locked down the API for call recording as a result. They are still there however, but they dont work on all phones.

      This raises another point, did they test this "torjan" outside of the dev (emulated) environment? Because there are a number of call recording apps out there, but they simply wont work on a lot of Android builds because the required OS hooks are missing.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    3. Re:Recording should be a basic function... ? by s0litaire · · Score: 1

      You need a patched kernel to get access to the API's
      A few of the custom ROM's are now using this patch in their kernels as standard (CM7 for one). There's a specific CallRecorder app that's designed to use that patch and API's with some ROM's and it works great!

      --
      Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
    4. Re:Recording should be a basic function... ? by sgtron · · Score: 1

      No kidding. I could do this with my nokia phone, no problem. But with android it's like pulling teeth. Somebody link to this "trojan" so I can install it for my own phone.

      --
      No todo lo que es oro brilla
    5. Re:Recording should be a basic function... ? by s0litaire · · Score: 3, Informative

      no need for trojans

      check android market for the developer "skvalex" and check the link in his "CallRecorder" app..
      it's been around for nearly a year!!

      --
      Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
    6. Re:Recording should be a basic function... ? by Anonymous Coward · · Score: 1

      I was very disappointed to find that I could not record calls on my android phone the way I could on my windows mobile phone, but I ended up switching to VOIP rather than use voice minutes, and CSipSimple is a great free (GPL) VOIP app that I ended up settling on. Once I went through the config I found that it has the option to record calls, and now I have a feature I wanted badly along with VOIP.

    7. Re:Recording should be a basic function... ? by rhook · · Score: 2

      Actually most states are one party consent when it comes to recording phone calls/conversations. Only 11 states require all parties to consent to the recording. In any case the manufacture cannot be held legally responsible for the actions of the end user.

      http://en.wikipedia.org/wiki/Telephone_recording_laws#Two-party_notification_states

    8. Re:Recording should be a basic function... ? by victorhooi · · Score: 1

      heya,

      Yeah, I have to agree with the parent and all the other repliers.

      This is frigging ridiculous - my old Nokia could record my calls fine. Heck, Windows Mobile 6.5 phones can record the damn call.

      Yet on Android - the inablity to record calls has been an outstanding bug for what...2 years?

      http://code.google.com/p/android/issues/detail?id=2117

      And guess what - it's also currently ranked number *eight* by users for Android bugs:

      http://code.google.com/p/android/issues/list?can=2&q=&sort=-stars&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars

      I think it goes to show that Google isn't very good at the "listening to user's part". Lol. I mean, they make cool projects, and I'm sure they're brilliantly smart and all. But actually listening to users is definitely not their forte. Pft.

      All the current workarounds require you to root your phone, and even then, work reliably on all handsets they will not...

      If this trojan can actually do what it claims to do - I hope somebody dissects it, and packages the functionality into an application on Android Market.

      Cheers,
      Victor

    9. Re:Recording should be a basic function... ? by Artifex · · Score: 2

      As his notes and the related XDA forum say, you need to also patch, if your ROM doesn't already include support for it.
      (When I switched from one ROM to another recently, it stopped recording, even though the su log showed call recorder still starting and stopping with each call. This is why.)

      --
      Get off my launchpad!
    10. Re:Recording should be a basic function... ? by cavreader · · Score: 1

      "it's also currently ranked number *eight* by users for Android bugs" This is interesting since this is missing functionality not a bug. Android phones do not advertise or provide this as default functionality. Maybe you used "bug" by mistake but if not there are significant differences in how bug reports and new functionality requests are prioritized and released with "bugs" usually getting the priority depending on the severity. If you are adding new functionality you might, I say might, be depending on the existing release features and if there are bugs your new features could be effected.

    11. Re:Recording should be a basic function... ? by ne0n · · Score: 1

      There are many ROMs that support proper "official" call recording ripped from the OEM Samsung Korean ROMs (which have it enabled by default IIRC). I've used it and it works perfectly, no mic-record nonsense involved. AFAIK it only works on Froyo so far.

      Or you can just use MIUI, which everyone should be doing anyway. It kicks ass and supports call recording. No virus needed.

      --
      $ :(){ :|:& };:
    12. Re:Recording should be a basic function... ? by NorQue · · Score: 1

      Or you can just use MIUI, which everyone should be doing anyway. It kicks ass and supports call recording. No virus needed.

      How do you do that? I just spent 10 minutes wading through the various settings menus and couldn't find anything related to call recording.

    13. Re:Recording should be a basic function... ? by ne0n · · Score: 1

      while in a phone call hit the Tools button to get the Record option. it will record an .amr file for you.

      --
      $ :(){ :|:& };:
    14. Re:Recording should be a basic function... ? by DaFallus · · Score: 1

      Can you please list a few phones that do provide this "basic" functionality? I'm genuinely curious.

      --
      No one cares what your captcha was

      Houston TX, USA
    15. Re:Recording should be a basic function... ? by Kamiza+Ikioi · · Score: 1

      I used to be able to record phone calls... even after rooting, I now cannot. This article is like saying, "Trojan does cool thing you can't do on your own but wish you could."

      Next up, a flu virus spreading that gives you the ability to fly? Oooo, horrible! /sarcasm

      --
      I8-D
  2. Where's the Torjan part? by Kenja · · Score: 5, Insightful

    This is an application that records phone calls. It tells you it will do this when you install it and it will require you opt to install it from an untrusted site after configuring your phone to allow such an action.

    But then I guess "phone call recording app records phone calls" is less of an alarmist title.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Where's the Torjan part? by aztracker1 · · Score: 1

      Fair enough... I live in a state where only one party requires notice for recording a call, me being that party should allow it... I have no desire to do so, but would be nice.

      --
      Michael J. Ryan - tracker1.info
    2. Re:Where's the Torjan part? by MobileTatsu-NJG · · Score: 1

      But then I guess "phone call recording app records phone calls" is less of an alarmist title.

      What's funny is lots of people who rely on Slashdot for their smartphone news actually consider themselves informed.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    3. Re:Where's the Torjan part? by dizzysoul · · Score: 1

      "Where's the Torjan part?" I would love to tell you, but you will first have to explain to me what a Torjan is!

    4. Re:Where's the Torjan part? by SETIGuy · · Score: 1

      We need a name for apps that do things that the OS maker doesn't want apps to do. Since it's Android, I think the appropriate term is "renegade." How's this for a title "Renegade app allows Android users to do something Google doesn't want them to do."

      --
      Support SETI@home
    5. Re:Where's the Torjan part? by Viree · · Score: 1

      There isn't any mention of what this 'trojan' is called on android Market. Am I reading too fast from TFA?

    6. Re:Where's the Torjan part? by geminidomino · · Score: 1

      Nah, still too obvious and not android-y enough.

      I think we should use "replicant."

    7. Re:Where's the Torjan part? by adolf · · Score: 1

      I'd also like to know what it's called.

      I've wanted a telephone recording app for my Droid...ever since I got my Droid. I live in a one-party state, so it's no big deal to record calls when I deem it useful.

      I have a funky little microphone from Olympus that fits into my ear and does a very good job of capturing my own voice and the audio from the telephone's earspeaker, but carrying that and the digital recorder that goes with it is bothersome -- let alone cabling it all up to use it.

      --
      Kid-proof tablet..
  3. Attention Cheaters. by anubi · · Score: 1

    This application, even just the fear of the possibility of it running, will instill a lot of fear in those using their phone for personal relationship infidelity,

    Variants of this application are apt to become very popular amongst those suspecting their relationships are not pure.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  4. Re:Android is Windows 95 hell all over again by Anonymous Coward · · Score: 1

    Not to disagree with your point but...why do you want apps running "in a chroot jail" when none of the apps on the whole phone, even mission critical apps like the dialer, already run as an unprivileged user?

    I think you're confusing root with having write permissions to the SD card or something here. Without manually rooting the phone itself, NOTHING ON THE WHOLE DEVICE runs as root. Placing every app in a jail is just going to add a small amount of additional memory overhead for every process.

    Perhaps more to your point though, the real solution here is to uncover the console a little. I know, I know, GUIs are great and all that, but the nice thing about seeing "root@box" before every single command you ever execute is that there's no doubt in your mind what user is starting the process, and what permissions that process will have.

    A good solution for this would be something like Launchy (google it) for android, with a special icon to denote when the program you're starting will be running with root permissions. Of course, unless the ROM is rooted, none of them are, but even now I sometimes forget I gave a certain app superuser permissions and it would be nice to have a reminder. Not a warning. A popup dialog is never a good answer! However, a simple icon beside the program in the app drawer that designates it'll run as root by default would be nice.

    In any case, the proper solution to security is smarter users plus unobtrusive notification. Popup warnings and outright denial do nothing but frustrate users and force them to use a less annoying - and less safe - means to accomplish whatever it is they're damn well going to do anyway.

    Keep your hard and fast rules in the firewall. Everything within the network is going to require smarter people to function anyway.

  5. Re:Android is Windows 95 hell all over again by psyclone · · Score: 1

    Check out the excellent Droidwall app. It requires root of course to run iptables, but shouldn't we all have root on our phones?

    To the GP, I agree android should support finer grained permissions (and each version of the OS has more perms) in addition to selecting which permissions the user wants to grant the app! (Not just "OK" to allow all the permissions the app asks for, but the user could pick and choose which perms to give it; obviously not granting some perms would cripple some apps..) Without that ability, Droidwall at least blocks internet connectivity for all apps in whitelist mode.

    And you will both learn when running Droidwall that each app runs as its own user on the phone. Hence it gives you the requested GUI to allow each app access to the net (over 3G and/or wifi).

  6. Linux distro subject of FUD by Trufagus · · Score: 1

    Nothing new.

  7. Re:Android is Windows 95 hell all over again by shutdown+-p+now · · Score: 1

    I want all apps to run in a chroot jail.

    Why do you need a chroot, if you can just set permissions such that the app can only see what it needs to see?

    And Android does that already. System partition is by and large off-limits. Each app gets its own directory with full access to itself and no-one else, which is the default storage location. SD card (or whatever is mounted to /sdcard - on phones like Nexus S, it's just a separate partition) is shared between all.

  8. What makes it a trojan? by Lenbok · · Score: 1

    The linked article (and the blog post that it links to) doesn't say what makes the app a trojan as opposed to functionality the user may have actually been intending to install. What was the app pretending to be? Scaremongering, or just a poorly written blog post?

    1. Re:What makes it a trojan? by SETIGuy · · Score: 1

      Yes, it is, in fact, scaremongering. Someone doesn't understand that a trojan pretends to be something it isn't. This appears to be what it's advertised to be.

      --
      Support SETI@home
    2. Re:What makes it a trojan? by bonch · · Score: 1

      A piece of software tricks the user into installing it, secretly records phone conversations, and sends them to a remote server, and you're wondering why it's considered a trojan? A trojan is any piece of malicious software that tricks the user into installing it through social engineering.

    3. Re:What makes it a trojan? by bonch · · Score: 1

      This thing tricks users into installing it by mimicking a legitimate installation screen, records conversations, and contains configuration information for a remote server which suggests uploading of those conversations, and you think it's "scaremongering" to label it a trojan? Give me a break.

    4. Re:What makes it a trojan? by geminidomino · · Score: 1

      Let me guess... someone else typed in this post originally and you've just been cutting and pasting it, since you're clearly illiterate.

  9. The above article is nothing but FUD by dizzysoul · · Score: 3, Informative

    Android has strict permissions enforcement for every application. It's even built into the marketplace! You cannot install an application without first being told WHAT the application wants access to. If the application wants to record your phone calls, the installer will specifically tell you the application is requesting access to your microphone. The installer forces you to scroll down to hit next, and there is literally NO WAY you can miss reading it. If you install applications from an untrusted source, Android will specifically WARN YOU that you could be installing something dangerous. The above article is nothing but FUD. If you read the source article, it says you have to install from an untrusted source, go through the warnings, and still go through the installation process.

    1. Re:The above article is nothing but FUD by brim4brim · · Score: 1

      Which is exactly what I thought it would be. Hate BS articles like this. This just in, people die from getting killed!! type stories, argh.

    2. Re:The above article is nothing but FUD by bonch · · Score: 1

      And another Android fanboy completely ignores the part in the article about mimicking a legitimate installation screen.

    3. Re:The above article is nothing but FUD by bonch · · Score: 1

      Which is exactly what I thought it would be.

      In other words, you had already decided before reading the article that it was wrong. TFA says it imitates a legitimate installation screen to trick users.

    4. Re:The above article is nothing but FUD by brim4brim · · Score: 1

      No I used my logic as an Android user to think about how apps get installed from third party sources having installed some to deduce that the article was most likely BS.

  10. Re:Thank Jobs for iPhone! by andydread · · Score: 2

    You have to install it from an untrusted source. If you go to an android phone Application->Settings and manually enable "Allow the installation of apps from untrusted sources" Then add the untrusted source that hosts malware then you will be able to install it. In other words you have to go out of your way to get infected. You know... leave the garden of Google Marketplace. Most people that choose to exercise that choice (Which Dear Leader Steve does not allow on your iPhone) will know to be careful when adding Chinese malware sources to their Android.

  11. Re:Android is Windows 95 hell all over again by BradleyUffner · · Score: 1

    Why do you need a chroot, if you can just set permissions such that the app can only see what it needs to see?

    And Android does that already. System partition is by and large off-limits. Each app gets its own directory with full access to itself and no-one else, which is the default storage location. SD card (or whatever is mounted to /sdcard - on phones like Nexus S, it's just a separate partition) is shared between all.

    Some applications will not run if they can't have access to the filesystem. I would still like to run these applications. The Chroot jail would allow you to present a fake filesystem to the application that it can change however it wants without breaking anything else. The same thing can be extended to other areas. App refuses to run without seeing your contacts? Here, have a fake address book.

  12. Re:Android is Windows 95 hell all over again by cheeks5965 · · Score: 1

    I want all apps to run in a choad jail.

    FTFY! You're welcome.

    --
    -- Flame me and I will happily flame you back. Bring it!
  13. Like A Monty Python Sketch by Ukab+the+Great · · Score: 1

    So in other words: Android is secure because every human being should be perfectly capable of reading dialogs, groking the details, and making use of trusted sources instead of untrusted ones. All the people who aren't reading articles, groking their details, and referring to trusted article sources are obviously spreading FUD about how Android treats the issue of security.

  14. Re:It can upload the recordings by Anonymous Coward · · Score: 1

    (It can upload the recordings ) to a malicious user. Read the fucking summary.

    I just did. It says perhaps suggesting. There is no actual indication that it can even do so; that behavior was not observed on the two emulators they ran the software on and it doesn't look like they even tried to reverse engineer it.

    Here's the link to the actual article by the CA researcher: http://community.ca.com/blogs/securityadvisor/archive/2011/08/01/a-trojan-spying-on-your-conversations.aspx
    Some items to note:

    1. Nowhere does he provide reasoning or justification for why this software is being considered Malicious, much less a Trojan.
    2. He claims that it "tricks users" by presenting a window which appears to look like a normal Android Install window. But then he says it requires the user to actually grant permissions... so that doesn't just "look like" a normal install window, it IS a normal install window. Additionally, the only way to install it is via a 3rd party store... so the user has to somehow enable 3rd party app store installs as well.
    3. As for the malicious nature of the program- he seems to be taking offense to it recording calls. Or storing the recordings. He never says what he's calling "malicious". He speculates that some server info stored in a local file is an indicator that it might be able to upload data. Again, no logic behind why this is malicious and an FTP program is not.
    4. There is absolutely NO evidence that this allows any kind of remote access to the phone. There is no evidence it is actually trying to connect to a remote server, or upload automatically.
    5. This software was never tested on an actual device- he used two emulators.

    So without knowing anything about how this software is advertised, it is by definition impossible to determine if it's a Trojan or not. And so far there isn't any evidence that it's doing anything malicious at all. In fact, I really don't see how this software is ANY different than any of the other applications which allow in-call recording.

  15. "Talk is Cheap" by LifesABeach · · Score: 1

    Let's see the source.

  16. Re:Android is Windows 95 hell all over again by psyclone · · Score: 1

    Oh, I agree that's a problem -- which is why I would love the ability for the user to decide which permissions to grant. The app requests them, and the user grants/denies them on a fine-grained basis.

    However, Angry Birds on Android (all 3 versions) do not request access to the contact list. At least the ones I downloaded from the market. They all want internet access though, and the standard version wants GPS location.