Security researchers have built a lightweight Android application that remotely activates a phone's microphone to eavesdrop on conversations.
The proof-of-concept application downloads instructions from a remote server to begin recording conversations when a victim arrives at a specific location.
Attackers could potentially listen in on sensitive conversations by activating the rogue application at target GPS coordinates.
The application was developed by researchers at Sydney-based Sense of Security and will be launched at the AusCERT security event in Queensland next week.
"The aim was to show how easy and plausible it is to spy on an owner through mobile devices," co-founder Murray Goldsmidt told SC Magazine.
He said the Android application was composed of about 600 lines of code and could be ported to other mobile operating systems.
During field tests, the application had recorded around 30 seconds of audio at a specific location and siphoned the data to the company's servers.
The application could be installed on phones by drive-by-downloads or locally.
Goldschmidt will detail the application during his AusCERT Thursday presentation.
Copyright © SC Magazine, Australia
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.