Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Trojan Records Phone Calls

Posted by timothy on from the goodnight-snookums-wookums dept.

jbrodkin writes "A new Android Trojan is capable of recording phone conversations, according to a CA security researcher. While a previous Trojan found by CA logged the details of incoming and outgoing phone calls and the call duration, new malware identified this week records the actual phone conversations in AMR format and stores the recordings on the device's SD card. The malware also 'drops a 'configuration' file that contains key information about the remote server and the parameters,' CA security researcher Dinesh Venkatesan writes, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker. Installation of the Trojan requires some user interaction, but the malware recreates the look and feel of the standard Android application installation process, and may fool some unsuspecting users."

8 of 74 comments (clear)

  1. Recording should be a basic function... ? by acidradio · · Score: 5, Insightful

    So I have to rootkit my own phone in order to record anything but this trojan can just record everything on its own? What a scam! I'm glad it takes a virus writer to extract what I consider to be a basic functionality out of my phone.

    1. Re:Recording should be a basic function... ? by The+Optimizer · · Score: 3, Interesting

      I was under the impression that there were no public APIs for getting at the audio data from the call in progress,specifically to keep people from making apps that could record calls due to legality issues (wiretapping, etc, depending on your location and jurisdiction).

      The "recorder" programs that are out there recording directly from the mic, and are usually not able to pick up the output from the speaker (and if they do, it's usually very faint). iPhones / iOS lack the capability for the same reasons.

      I think a lot of people would find it very useful, for a number of various reasons, to have the ability to have their calls automatically recorded, with metadata of who, when, etc, stored in .WAV or other easily playable format, and automatically synced with their PC.

    2. Re:Recording should be a basic function... ? by s0litaire · · Score: 3, Informative

      no need for trojans

      check android market for the developer "skvalex" and check the link in his "CallRecorder" app..
      it's been around for nearly a year!!

      --
      Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
    3. Re:Recording should be a basic function... ? by rhook · · Score: 2

      Actually most states are one party consent when it comes to recording phone calls/conversations. Only 11 states require all parties to consent to the recording. In any case the manufacture cannot be held legally responsible for the actions of the end user.

      http://en.wikipedia.org/wiki/Telephone_recording_laws#Two-party_notification_states

    4. Re:Recording should be a basic function... ? by Artifex · · Score: 2

      As his notes and the related XDA forum say, you need to also patch, if your ROM doesn't already include support for it.
      (When I switched from one ROM to another recently, it stopped recording, even though the su log showed call recorder still starting and stopping with each call. This is why.)

      --
      Get off my launchpad!
  2. Where's the Torjan part? by Kenja · · Score: 5, Insightful

    This is an application that records phone calls. It tells you it will do this when you install it and it will require you opt to install it from an untrusted site after configuring your phone to allow such an action.

    But then I guess "phone call recording app records phone calls" is less of an alarmist title.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  3. The above article is nothing but FUD by dizzysoul · · Score: 3, Informative

    Android has strict permissions enforcement for every application. It's even built into the marketplace! You cannot install an application without first being told WHAT the application wants access to. If the application wants to record your phone calls, the installer will specifically tell you the application is requesting access to your microphone. The installer forces you to scroll down to hit next, and there is literally NO WAY you can miss reading it. If you install applications from an untrusted source, Android will specifically WARN YOU that you could be installing something dangerous. The above article is nothing but FUD. If you read the source article, it says you have to install from an untrusted source, go through the warnings, and still go through the installation process.

  4. Re:Thank Jobs for iPhone! by andydread · · Score: 2

    You have to install it from an untrusted source. If you go to an android phone Application->Settings and manually enable "Allow the installation of apps from untrusted sources" Then add the untrusted source that hosts malware then you will be able to install it. In other words you have to go out of your way to get infected. You know... leave the garden of Google Marketplace. Most people that choose to exercise that choice (Which Dear Leader Steve does not allow on your iPhone) will know to be careful when adding Chinese malware sources to their Android.