First published: 31st October 2007
F-Secure has said that Retina-X Studios' Mobile Spy is "not built to be secure". Mobile Spy is an application aimed at businesses wishing to monitor their employees' Windows Mobile smartphone traffic. In a posting on their weblog, F-Secure revealed how the Mobile Spy website could be made to display call details for other accounts simply by changing the account ID in the URL, up until a couple of days before the public announcement of the flaw.
In a statement, James Johns, Retina-X Studios chief executive, claimed that the flaw did not exist and that all their servers had been tested for it.
F-Secure later reported that, although the original flaw had been fixed, they had received reports that the server was vulnerable to SQL injection attacks, so all Mobile Spy customers' data was potentially still at risk.
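An added example, not code from F-Secure or Retina-X Studios, showing the two flaw classes reported above (an account ID taken from the URL without an ownership check, and SQL injection) beside a hardened lookup. The table layout, function names and sample records are assumptions constructed for illustration and do not reflect Mobile Spy's actual implementation.

```python
import sqlite3

class Forbidden(Exception):
    """Raised when the requested account is not the logged-in account."""

def make_db():
    # Constructed sample data: two hypothetical accounts, one call record each.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE calls (account_id TEXT, number TEXT, seconds INTEGER)")
    db.executemany("INSERT INTO calls VALUES (?, ?, ?)",
                   [("1001", "555-0100", 42), ("1002", "555-0199", 310)])
    return db

def calls_vulnerable(db, url_account_id):
    """Weak form: trusts the account ID from the URL and concatenates it into SQL."""
    sql = ("SELECT number, seconds FROM calls WHERE account_id = '"
           + url_account_id + "'")
    return db.execute(sql).fetchall()

def calls_hardened(db, session_account_id, url_account_id):
    """Hardened form: the authenticated session decides whose data is returned."""
    # Authorization check: the URL value may only name the caller's own account.
    if url_account_id != session_account_id:
        raise Forbidden("account ID in URL does not match the logged-in account")
    # Parameterized query: the value is bound as data, never parsed as SQL.
    return db.execute(
        "SELECT number, seconds FROM calls WHERE account_id = ?",
        (session_account_id,),
    ).fetchall()

def demo():
    """Run both forms as logged-in account 1001 and collect the outcomes."""
    db = make_db()
    crafted = "1001' OR '1'='1"  # constructed input: textbook tautology
    out = {"vuln_other_account": calls_vulnerable(db, "1002"),
           "vuln_crafted_rows": len(calls_vulnerable(db, crafted))}
    for label, url_id in (("hard_other_account", "1002"), ("hard_crafted", crafted)):
        try:
            out[label] = calls_hardened(db, "1001", url_id)
        except Forbidden:
            out[label] = "denied"
    out["hard_own_account"] = calls_hardened(db, "1001", "1001")
    return out

if __name__ == "__main__":
    print(demo())
```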