Android Trojan Records Phone Calls

jbrodkin writes "A new Android Trojan is capable of recording phone conversations, according to a CA security researcher. While a previous Trojan found by CA logged the details of incoming and outgoing phone calls and the call duration, new malware identified this week records the actual phone conversations in AMR format and stores the recordings on the device's SD card. The malware also 'drops a 'configuration' file that contains key information about the remote server and the parameters,' CA security researcher Dinesh Venkatesan writes, perhaps suggesting that the recorded calls can be uploaded to a server maintained by an attacker. Installation of the Trojan requires some user interaction, but the malware recreates the look and feel of the standard Android application installation process, and may fool some unsuspecting users."

What was that ...

[OzPeter]

Can you hear me ??
No .. no .. you're breaking up
Yeah thats better .. no .. move back where you were
Sorry what was that?
Hello .. hello .. you still there???

Recording should be a basic function... ?

[acidradio]

So I have to rootkit my own phone in order to record anything but this trojan can just record everything on its own? What a scam! I'm glad it takes a virus writer to extract what I consider to be a basic functionality out of my phone.

Re:Recording should be a basic function... ?

[The Optimizer]

I was under the impression that there were no public APIs for getting at the audio data from the call in progress,specifically to keep people from making apps that could record calls due to legality issues (wiretapping, etc, depending on your location and jurisdiction).

The "recorder" programs that are out there recording directly from the mic, and are usually not able to pick up the output from the speaker (and if they do, it's usually very faint). iPhones / iOS lack the capability for the same reasons.

I think a lot of people would find it very useful, for a number of various reasons, to have the ability to have their calls automatically recorded, with metadata of who, when, etc, stored in .WAV or other easily playable format, and automatically synced with their PC.

Re:

[Anonymous Coward]

I was very disappointed to find that I could not record calls on my android phone the way I could on my windows mobile phone, but I ended up switching to VOIP rather than use voice minutes, and CSipSimple is a great free (GPL) VOIP app that I ended up settling on. Once I went through the config I found that it has the option to record calls, and now I have a feature I wanted badly along with VOIP.

Re:

[ne0n]

There are many ROMs that support proper "official" call recording ripped from the OEM Samsung Korean ROMs (which have it enabled by default IIRC). I've used it and it works perfectly, no mic-record nonsense involved. AFAIK it only works on Froyo so far.

Or you can just use MIUI, which everyone should be doing anyway. It kicks ass and supports call recording. No virus needed.

Re:

[NorQue]

Or you can just use MIUI, which everyone should be doing anyway. It kicks ass and supports call recording. No virus needed.

How do you do that? I just spent 10 minutes wading through the various settings menus and couldn't find anything related to call recording.

Re:

[ne0n]

while in a phone call hit the Tools button to get the Record option. it will record an .amr file for you.

Re:

[Kamiza Ikioi]

I used to be able to record phone calls... even after rooting, I now cannot. This article is like saying, "Trojan does cool thing you can't do on your own but wish you could."

Next up, a flu virus spreading that gives you the ability to fly? Oooo, horrible! /sarcasm

Re:

[Kenja]

The issue would seem to be a legal one. It is illegal in many US states to record a phone call unless both parties agree to it before hand. My understanding is that Google locked down the API for call recording as a result. They are still there however, but they dont work on all phones.

This raises another point, did they test this "torjan" outside of the dev (emulated) environment? Because there are a number of call recording apps out there, but they simply wont work on a lot of Android builds because the

Re:

[s0litaire]

You need a patched kernel to get access to the API's
A few of the custom ROM's are now using this patch in their kernels as standard (CM7 for one). There's a specific CallRecorder app that's designed to use that patch and API's with some ROM's and it works great!

Re:

[rhook]

Actually most states are one party consent when it comes to recording phone calls/conversations. Only 11 states require all parties to consent to the recording. In any case the manufacture cannot be held legally responsible for the actions of the end user.

http://en.wikipedia.org/wiki/Telephone_recording_laws#Two-party_notification_states [wikipedia.org]

Re:

[sgtron]

No kidding. I could do this with my nokia phone, no problem. But with android it's like pulling teeth. Somebody link to this "trojan" so I can install it for my own phone.

Re:Recording should be a basic function... ?

[s0litaire]

no need for trojans

check android market for the developer "skvalex" and check the link in his "CallRecorder" app..
it's been around for nearly a year!!

Re:

[Artifex]

As his notes and the related XDA forum say, you need to also patch, if your ROM doesn't already include support for it.
(When I switched from one ROM to another recently, it stopped recording, even though the su log showed call recorder still starting and stopping with each call. This is why.)

Re:

[victorhooi]

heya,

Yeah, I have to agree with the parent and all the other repliers.

This is frigging ridiculous - my old Nokia could record my calls fine. Heck, Windows Mobile 6.5 phones can record the damn call.

Yet on Android - the inablity to record calls has been an outstanding bug for what...2 years?

http://code.google.com/p/android/issues/detail?id=2117 [google.com]

And guess what - it's also currently ranked number *eight* by users for Android bugs:

http://code.google.com/p/android/issues/list?can=2&q=&sort=-stars&cols [google.com]

Re:

[cavreader]

"it's also currently ranked number *eight* by users for Android bugs" This is interesting since this is missing functionality not a bug. Android phones do not advertise or provide this as default functionality. Maybe you used "bug" by mistake but if not there are significant differences in how bug reports and new functionality requests are prioritized and released with "bugs" usually getting the priority depending on the severity. If you are adding new functionality you might, I say might, be depending on t

Re:

[DaFallus]

Can you please list a few phones that do provide this "basic" functionality? I'm genuinely curious.

Where's the Torjan part?

[Kenja]

This is an application that records phone calls. It tells you it will do this when you install it and it will require you opt to install it from an untrusted site after configuring your phone to allow such an action.

But then I guess "phone call recording app records phone calls" is less of an alarmist title.

Re:

[aztracker1]

Fair enough... I live in a state where only one party requires notice for recording a call, me being that party should allow it... I have no desire to do so, but would be nice.

Re:

[MobileTatsu-NJG]

But then I guess "phone call recording app records phone calls" is less of an alarmist title.

What's funny is lots of people who rely on Slashdot for their smartphone news actually consider themselves informed.

Re:

[dizzysoul]

"Where's the Torjan part?" I would love to tell you, but you will first have to explain to me what a Torjan is!

Re:

[Anonymous Coward]

(It can upload the recordings ) to a malicious user. Read the fucking summary.

I just did. It says perhaps suggesting. There is no actual indication that it can even do so; that behavior was not observed on the two emulators they ran the software on and it doesn't look like they even tried to reverse engineer it.

Here's the link to the actual article by the CA researcher: http://community.ca.com/blogs/securityadvisor/archive/2011/08/01/a-trojan-spying-on-your-conversations.aspx
Some items to note:

1. Nowhere does he provide reasoning or justification for why this software is being consid

Re:

[SETIGuy]

We need a name for apps that do things that the OS maker doesn't want apps to do. Since it's Android, I think the appropriate term is "renegade." How's this for a title "Renegade app allows Android users to do something Google doesn't want them to do."

Re:

[geminidomino]

Nah, still too obvious and not android-y enough.

I think we should use "replicant."

Re:

[Viree]

There isn't any mention of what this 'trojan' is called on android Market. Am I reading too fast from TFA?

Re:

[adolf]

I'd also like to know what it's called.

I've wanted a telephone recording app for my Droid...ever since I got my Droid. I live in a one-party state, so it's no big deal to record calls when I deem it useful.

I have a funky little microphone from Olympus that fits into my ear and does a very good job of capturing my own voice and the audio from the telephone's earspeaker, but carrying that and the digital recorder that goes with it is bothersome -- let alone cabling it all up to use it.

Re:

[Anonymous Coward]

Not to disagree with your point but...why do you want apps running "in a chroot jail" when none of the apps on the whole phone, even mission critical apps like the dialer, already run as an unprivileged user?

I think you're confusing root with having write permissions to the SD card or something here. Without manually rooting the phone itself, NOTHING ON THE WHOLE DEVICE runs as root. Placing every app in a jail is just going to add a small amount of additional memory overhead for every process.

Perhaps mor

Re:

[psyclone]

Check out the excellent Droidwall [appbrain.com] app. It requires root of course to run iptables, but shouldn't we all have root on our phones?

To the GP, I agree android should support finer grained permissions (and each version of the OS has more perms) in addition to selecting which permissions the user wants to grant the app! (Not just "OK" to allow all the permissions the app asks for, but the user could pick and choose which perms to give it; obviously not granting some perms would cripple some apps..) Without that a

Re:

[psyclone]

Oh, I agree that's a problem -- which is why I would love the ability for the user to decide which permissions to grant. The app requests them, and the user grants/denies them on a fine-grained basis.

However, Angry Birds on Android (all 3 versions) do not request access to the contact list. At least the ones I downloaded from the market. They all want internet access though, and the standard version wants GPS location.

Re:

[shutdown -p now]

I want all apps to run in a chroot jail.

Why do you need a chroot, if you can just set permissions such that the app can only see what it needs to see?

And Android does that already. System partition is by and large off-limits. Each app gets its own directory with full access to itself and no-one else, which is the default storage location. SD card (or whatever is mounted to /sdcard - on phones like Nexus S, it's just a separate partition) is shared between all.

Re:

[BradleyUffner]

Why do you need a chroot, if you can just set permissions such that the app can only see what it needs to see?

And Android does that already. System partition is by and large off-limits. Each app gets its own directory with full access to itself and no-one else, which is the default storage location. SD card (or whatever is mounted to /sdcard - on phones like Nexus S, it's just a separate partition) is shared between all.

Some applications will not run if they can't have access to the filesystem. I would still like to run these applications. The Chroot jail would allow you to present a fake filesystem to the application that it can change however it wants without breaking anything else. The same thing can be extended to other areas. App refuses to run without seeing your contacts? Here, have a fake address book.

Re:

[cheeks5965]

I want all apps to run in a choad jail.

FTFY! You're welcome.

Attention Cheaters.

[anubi]

This application, even just the fear of the possibility of it running, will instill a lot of fear in those using their phone for personal relationship infidelity,

Variants of this application are apt to become very popular amongst those suspecting their relationships are not pure.

Re:

[andydread]

You have to install it from an untrusted source. If you go to an android phone Application->Settings and manually enable "Allow the installation of apps from untrusted sources" Then add the untrusted source that hosts malware then you will be able to install it. In other words you have to go out of your way to get infected. You know... leave the garden of Google Marketplace. Most people that choose to exercise that choice (Which Dear Leader Steve does not allow on your iPhone) will know to be caref

Linux distro subject of FUD

[Trufagus]

Nothing new.

What makes it a trojan?

[Lenbok]

The linked article (and the blog post that it links to) doesn't say what makes the app a trojan as opposed to functionality the user may have actually been intending to install. What was the app pretending to be? Scaremongering, or just a poorly written blog post?

Re:

[SETIGuy]

Yes, it is, in fact, scaremongering. Someone doesn't understand that a trojan pretends to be something it isn't. This appears to be what it's advertised to be.

Re:

[bonch]

This thing tricks users into installing it by mimicking a legitimate installation screen, records conversations, and contains configuration information for a remote server which suggests uploading of those conversations, and you think it's "scaremongering" to label it a trojan? Give me a break.

Re:

[geminidomino]

Let me guess... someone else typed in this post originally and you've just been cutting and pasting it, since you're clearly illiterate.

Re:

[bonch]

A piece of software tricks the user into installing it, secretly records phone conversations, and sends them to a remote server, and you're wondering why it's considered a trojan? A trojan is any piece of malicious software that tricks the user into installing it through social engineering.

The above article is nothing but FUD

[dizzysoul]

Android has strict permissions enforcement for every application. It's even built into the marketplace! You cannot install an application without first being told WHAT the application wants access to. If the application wants to record your phone calls, the installer will specifically tell you the application is requesting access to your microphone. The installer forces you to scroll down to hit next, and there is literally NO WAY you can miss reading it. If you install applications from an untrusted source, Android will specifically WARN YOU that you could be installing something dangerous. The above article is nothing but FUD. If you read the source article, it says you have to install from an untrusted source, go through the warnings, and still go through the installation process.

Re:

[brim4brim]

Which is exactly what I thought it would be. Hate BS articles like this. This just in, people die from getting killed!! type stories, argh.

Re:

[bonch]

Which is exactly what I thought it would be.

In other words, you had already decided before reading the article that it was wrong. TFA says it imitates a legitimate installation screen to trick users.

Re:

[brim4brim]

No I used my logic as an Android user to think about how apps get installed from third party sources having installed some to deduce that the article was most likely BS.

Re:

[bonch]

And another Android fanboy completely ignores the part in the article about mimicking a legitimate installation screen.

Like A Monty Python Sketch

[Ukab the Great]

So in other words: Android is secure because every human being should be perfectly capable of reading dialogs, groking the details, and making use of trusted sources instead of untrusted ones. All the people who aren't reading articles, groking their details, and referring to trusted article sources are obviously spreading FUD about how Android treats the issue of security.

"Talk is Cheap"

[LifesABeach]

Let's see the source.