Forgot your password?
typodupeerror
Android Cellphones Communications Handhelds Privacy Security

Android Trojan Records Phone Calls 74

Posted by timothy
from the goodnight-snookums-wookums dept.
jbrodkin writes "A new Android Trojan is capable of recording phone conversations, according to a CA security researcher. While a previous Trojan found by CA logged the details of incoming and outgoing phone calls and the call duration, new malware identified this week records the actual phone conversations in AMR format and stores the recordings on the device's SD card. The malware also 'drops a 'configuration' file that contains key information about the remote server and the parameters,' CA security researcher Dinesh Venkatesan writes, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker. Installation of the Trojan requires some user interaction, but the malware recreates the look and feel of the standard Android application installation process, and may fool some unsuspecting users."
This discussion has been archived. No new comments can be posted.

Android Trojan Records Phone Calls

Comments Filter:
  • Can you hear me ??
    No .. no .. you're breaking up
    Yeah thats better .. no .. move back where you were
    Sorry what was that?
    Hello .. hello .. you still there???
  • by acidradio (659704) on Monday August 01, 2011 @07:04PM (#36953822)

    So I have to rootkit my own phone in order to record anything but this trojan can just record everything on its own? What a scam! I'm glad it takes a virus writer to extract what I consider to be a basic functionality out of my phone.

    • by The Optimizer (14168) on Monday August 01, 2011 @07:14PM (#36953928)

      I was under the impression that there were no public APIs for getting at the audio data from the call in progress,specifically to keep people from making apps that could record calls due to legality issues (wiretapping, etc, depending on your location and jurisdiction).

      The "recorder" programs that are out there recording directly from the mic, and are usually not able to pick up the output from the speaker (and if they do, it's usually very faint). iPhones / iOS lack the capability for the same reasons.

      I think a lot of people would find it very useful, for a number of various reasons, to have the ability to have their calls automatically recorded, with metadata of who, when, etc, stored in .WAV or other easily playable format, and automatically synced with their PC.

      • by Anonymous Coward

        I was very disappointed to find that I could not record calls on my android phone the way I could on my windows mobile phone, but I ended up switching to VOIP rather than use voice minutes, and CSipSimple is a great free (GPL) VOIP app that I ended up settling on. Once I went through the config I found that it has the option to record calls, and now I have a feature I wanted badly along with VOIP.

      • by ne0n (884282)
        There are many ROMs that support proper "official" call recording ripped from the OEM Samsung Korean ROMs (which have it enabled by default IIRC). I've used it and it works perfectly, no mic-record nonsense involved. AFAIK it only works on Froyo so far.

        Or you can just use MIUI, which everyone should be doing anyway. It kicks ass and supports call recording. No virus needed.
        • by NorQue (1000887)

          Or you can just use MIUI, which everyone should be doing anyway. It kicks ass and supports call recording. No virus needed.

          How do you do that? I just spent 10 minutes wading through the various settings menus and couldn't find anything related to call recording.

          • by ne0n (884282)
            while in a phone call hit the Tools button to get the Record option. it will record an .amr file for you.
      • I used to be able to record phone calls... even after rooting, I now cannot. This article is like saying, "Trojan does cool thing you can't do on your own but wish you could."

        Next up, a flu virus spreading that gives you the ability to fly? Oooo, horrible! /sarcasm

    • by Kenja (541830)
      The issue would seem to be a legal one. It is illegal in many US states to record a phone call unless both parties agree to it before hand. My understanding is that Google locked down the API for call recording as a result. They are still there however, but they dont work on all phones.

      This raises another point, did they test this "torjan" outside of the dev (emulated) environment? Because there are a number of call recording apps out there, but they simply wont work on a lot of Android builds because the
      • You need a patched kernel to get access to the API's
        A few of the custom ROM's are now using this patch in their kernels as standard (CM7 for one). There's a specific CallRecorder app that's designed to use that patch and API's with some ROM's and it works great!

      • by rhook (943951)

        Actually most states are one party consent when it comes to recording phone calls/conversations. Only 11 states require all parties to consent to the recording. In any case the manufacture cannot be held legally responsible for the actions of the end user.

        http://en.wikipedia.org/wiki/Telephone_recording_laws#Two-party_notification_states [wikipedia.org]

    • by sgtron (35704)

      No kidding. I could do this with my nokia phone, no problem. But with android it's like pulling teeth. Somebody link to this "trojan" so I can install it for my own phone.

    • heya,

      Yeah, I have to agree with the parent and all the other repliers.

      This is frigging ridiculous - my old Nokia could record my calls fine. Heck, Windows Mobile 6.5 phones can record the damn call.

      Yet on Android - the inablity to record calls has been an outstanding bug for what...2 years?

      http://code.google.com/p/android/issues/detail?id=2117 [google.com]

      And guess what - it's also currently ranked number *eight* by users for Android bugs:

      http://code.google.com/p/android/issues/list?can=2&q=&sort=-stars&cols [google.com]

      • "it's also currently ranked number *eight* by users for Android bugs" This is interesting since this is missing functionality not a bug. Android phones do not advertise or provide this as default functionality. Maybe you used "bug" by mistake but if not there are significant differences in how bug reports and new functionality requests are prioritized and released with "bugs" usually getting the priority depending on the severity. If you are adding new functionality you might, I say might, be depending on t
    • by DaFallus (805248)
      Can you please list a few phones that do provide this "basic" functionality? I'm genuinely curious.
  • by Kenja (541830) on Monday August 01, 2011 @07:08PM (#36953862)
    This is an application that records phone calls. It tells you it will do this when you install it and it will require you opt to install it from an untrusted site after configuring your phone to allow such an action.

    But then I guess "phone call recording app records phone calls" is less of an alarmist title.
    • Fair enough... I live in a state where only one party requires notice for recording a call, me being that party should allow it... I have no desire to do so, but would be nice.
    • But then I guess "phone call recording app records phone calls" is less of an alarmist title.

      What's funny is lots of people who rely on Slashdot for their smartphone news actually consider themselves informed.

    • "Where's the Torjan part?" I would love to tell you, but you will first have to explain to me what a Torjan is!
    • by SETIGuy (33768) *
      We need a name for apps that do things that the OS maker doesn't want apps to do. Since it's Android, I think the appropriate term is "renegade." How's this for a title "Renegade app allows Android users to do something Google doesn't want them to do."
    • by Viree (214760)
      There isn't any mention of what this 'trojan' is called on android Market. Am I reading too fast from TFA?
      • by adolf (21054)

        I'd also like to know what it's called.

        I've wanted a telephone recording app for my Droid...ever since I got my Droid. I live in a one-party state, so it's no big deal to record calls when I deem it useful.

        I have a funky little microphone from Olympus that fits into my ear and does a very good job of capturing my own voice and the audio from the telephone's earspeaker, but carrying that and the digital recorder that goes with it is bothersome -- let alone cabling it all up to use it.

  • This application, even just the fear of the possibility of it running, will instill a lot of fear in those using their phone for personal relationship infidelity,

    Variants of this application are apt to become very popular amongst those suspecting their relationships are not pure.
  • The linked article (and the blog post that it links to) doesn't say what makes the app a trojan as opposed to functionality the user may have actually been intending to install. What was the app pretending to be? Scaremongering, or just a poorly written blog post?

    • by SETIGuy (33768) *
      Yes, it is, in fact, scaremongering. Someone doesn't understand that a trojan pretends to be something it isn't. This appears to be what it's advertised to be.
      • by bonch (38532) *

        This thing tricks users into installing it by mimicking a legitimate installation screen, records conversations, and contains configuration information for a remote server which suggests uploading of those conversations, and you think it's "scaremongering" to label it a trojan? Give me a break.

        • Let me guess... someone else typed in this post originally and you've just been cutting and pasting it, since you're clearly illiterate.

    • by bonch (38532) *

      A piece of software tricks the user into installing it, secretly records phone conversations, and sends them to a remote server, and you're wondering why it's considered a trojan? A trojan is any piece of malicious software that tricks the user into installing it through social engineering.

  • by dizzysoul (2275254) on Monday August 01, 2011 @08:37PM (#36954654)
    Android has strict permissions enforcement for every application. It's even built into the marketplace! You cannot install an application without first being told WHAT the application wants access to. If the application wants to record your phone calls, the installer will specifically tell you the application is requesting access to your microphone. The installer forces you to scroll down to hit next, and there is literally NO WAY you can miss reading it. If you install applications from an untrusted source, Android will specifically WARN YOU that you could be installing something dangerous. The above article is nothing but FUD. If you read the source article, it says you have to install from an untrusted source, go through the warnings, and still go through the installation process.
    • Which is exactly what I thought it would be. Hate BS articles like this. This just in, people die from getting killed!! type stories, argh.
      • by bonch (38532) *

        Which is exactly what I thought it would be.

        In other words, you had already decided before reading the article that it was wrong. TFA says it imitates a legitimate installation screen to trick users.

        • No I used my logic as an Android user to think about how apps get installed from third party sources having installed some to deduce that the article was most likely BS.
    • by bonch (38532) *

      And another Android fanboy completely ignores the part in the article about mimicking a legitimate installation screen.

    • So in other words: Android is secure because every human being should be perfectly capable of reading dialogs, groking the details, and making use of trusted sources instead of untrusted ones. All the people who aren't reading articles, groking their details, and referring to trusted article sources are obviously spreading FUD about how Android treats the issue of security.

  • Let's see the source.

Happiness is a positive cash flow.

Working...