Recently a person reached out to me for a forensic analysis of his phone. Intrigued, I asked him to explain the problem. He didn't want to discuss this on the phone and asked to meet up. We met in a cafe.
The man (let's call him K) wanted to know if his phone was hacked and if someone had accessed his messages. K was not too tech savvy but was well versed with his phone and used typical applications such as WhatsApp, Uber etc. He had not used a password to lock the screen until recently. He wanted to know if someone had copied messages from his phone when he left it unattended.
Now that is such a difficult question to answer. Copying can be done in so many ways, and in this context could also imply taking a screen grab from another phone, and there is no way one will have any sort of valid log of that activity. So unless there is a bit more context and detail for this query, it would be really hard to investigate.
I gently nudged him to share the context for the request so that I could provide him the right solution. Here is the story: he was in the process of separating from his wife, and during one of the fights she had threatened him, saying that she had copies of his messages and would show the world the kind of person he is. He was paranoid and suspected that she had installed spying software and would use the messages out of context to malign him.
I took a look at his apps to see if any suspicious software was installed. The Samsung phone had two apps called shareit and shareall-dongle, both used to sync data and files between various devices. I asked him if he had installed them; he hadn't. While these are not necessarily spying software per se, they can be used to siphon out data to another device. Another red flag was the phone being backed up to a Google Drive with an unknown Gmail account. The data usage etc. seemed normal, so any surreptitious data transfer is ruled out. We deleted these and kept the app footprint to a few favorite apps. I also disabled Bluetooth and other connections just to be sure.
Anyway, all these measures are for the future and we have no way of knowing for sure what happened in the past. The only small consolation is that such illegally acquired messages will not be admissible as evidence. Domestic situations are really complex and can defeat the best of security measures.
So if you want to make sure you aren't spied on, follow these simple steps. (This isn't exhaustive and doesn't cover more sophisticated attacks. A post on that will be put up shortly.)
- Check application folders for any unknown apps.
- See if the data usage has increased for no reason.
- Check if you are receiving any strange SMS messages (sometimes used to control the spying applications).
- Check your automatic backup settings.
- And finally, keep the screen locked and don't store sensitive data on SD cards.
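
The first check can be made less dependent on scrolling through the launcher. The script below is an added example, not something used in the case above: it triages the text produced by `adb shell pm list packages -3 -i` (third-party apps with their installer), flagging apps the owner does not recognise and apps with no store installer recorded. The sample output, the `com.example.*` package names and the `package:<name>  installer=<name>` line format are assumptions constructed for illustration.

```python
import re

# Installers treated as "from a store". com.android.vending is Google Play;
# add the device vendor's store here if the owner uses it (assumption).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Assumed line format: "package:<name>  installer=<name or null>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)\s*$")


def audit_packages(pm_output, recognised, trusted=TRUSTED_INSTALLERS):
    """Return [(package, [reasons])] for third-party apps worth a closer look."""
    findings = []
    for raw in pm_output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything that is not a package line
        pkg, inst = m["pkg"], m["inst"]
        reasons = []
        if pkg not in recognised:
            reasons.append("owner does not recognise this app")
        if inst == "null":
            reasons.append("sideloaded: no installer recorded")
        elif inst not in trusted:
            reasons.append(f"installed by {inst}, not a trusted store")
        if reasons:
            findings.append((pkg, reasons))
    return findings


# Constructed sample output; the com.example.* names are placeholders.
SAMPLE = """\
package:com.whatsapp  installer=com.android.vending
package:com.ubercab  installer=com.android.vending
package:com.example.filesync  installer=null
package:com.example.dongleshare  installer=com.android.vending
"""

# Apps the owner confirms installing (built by asking, as in the story above).
RECOGNISED = {"com.whatsapp", "com.ubercab"}

if __name__ == "__main__":
    for pkg, reasons in audit_packages(SAMPLE, RECOGNISED):
        print(f"{pkg}: {'; '.join(reasons)}")
```

An app that came from the store but that the owner never installed is still flagged, which matches the situation described above: the question to ask is who installed it, not only where it came from.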