Retina-X Studios, marketer of Mobile Spy, has denied antivirus company F-Secure’s claims that Mobile Spy contains a hole that can leak sensitive information.

Mobile Spy is a tool for secretly tracking calls and text messages on smart phones, and is marketed to businesses who want to monitor employees, parents who want to monitor their teens, or jilted lovers who want to monitor their partners. The information it tracks is supposedly accessible only by its registered users, and only for a particular smart phone.

F-Secure earlier said that it has found a way for anyone to access other people’s private accounts and it says the vulnerability lies in the way the URLs of demonstration accounts are configured.

Jarno Niemela, a senior antivirus researcher at F-Secure, told ZD Net that “You can put in different account numbers through the URL, and ID numbers are sequential. You could pull every message on the service.”

However, CEO of Retina-X Studios, James Johns, denied that such vulnerability existed. Though he didn’t comment on a screenshots provided on an F-Secure blog that purported to document the said vulnerability.

“The data leakage described is not possible with our servers,” he wrote in an email to The Register. “Anyone trying this method would receive a message denying access. Retina-X Studios takes customer privacy very seriously. We have tested all services to verify that this is not an issue.”

A security researcher at F-Secure, after checking the site again, told Vnunet that the problem has now disappeared.

It seems to be more convenient for Retina-X Studios to deny that the vulnerability ever existed than to admit taht there was a real problem, and to then gace possible legal action.

Related:

Entry was posted on Wednesday, October 3rd, 2007 at 10:58 pm under Technology.

Read more entries by Ruben Francia.
Stumble It!