Massive stalkerware leak puts thousands of phone data at risk – TechCrunch

Private phone the data of hundreds of thousands of people is at risk. Call recordings, text messages, photos, browsing history, precise geotagging and call recordings can all be pulled from a person’s phone due to a security issue in spyware widely used general public.

But that’s about all we can tell you. TechCrunch has repeatedly emailed the developer, whose identity is well hidden, via all known, non-public email addresses, but the investigative leads to disclose the issue have turned cold. We sent emails with trackers open to say if they had been read, but no luck either.

Efforts have been made to contact the developer of the spyware as the security and privacy of thousands of people are at risk until the issue is resolved. We cannot name the spyware or its developer as this would make it easier for bad actors to access unsecured data.

TechCrunch discovered the security issue as part of a larger consumer spyware investigation. These applications, often marketed as child tracking or monitoring software, may be called another name – “stalkerware” – for their ability to track and monitor people without their consent. These spyware applications silently and continuously siphon content from a person’s phone, allowing their operator to track a person’s whereabouts and with whom they are communicating. Many will have no idea that their phones are compromised, as these apps are designed to disappear from home screens to avoid detection or removal.

“I’m disappointed but not even slightly surprised,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation which led efforts to launch the Coalition Against Stalkerware, during a call with TechCrunch. “I think you could reasonably call this kind of behavior negligent. Not only do we have a company that makes a product that allows for abuse, but it does such a bad job of securing exfiltrated information that it opens up the targets of that abuse to even more abuse.

TechCrunch also reached out to Codero, the web company that hosts the developer’s spyware infrastructure, but Codero did not respond to multiple requests for comment. Codero is no stranger to stalkerware hosting; the host “took action” against stalkerware maker Mobiispy in 2019 after it was discovered shedding thousands of photos and phone records.

“I guess it’s no surprise that the web host that hosts one stalkerware company hosts other stalkerware companies, and they would if they weren’t responding before, that they wouldn’t respond this time around. here, “said Galperin.

The proliferation of this easily obtainable spyware has prompted the entire industry to fight against these applications. Antivirus makers have worked to improve their ability to detect malware, and Google has also banned spyware makers from promoting their products as a way to spy on a spouse’s phone, although some developers use new tactics to evade Google’s ad ban.

Mobile spyware is no stranger to security concerns. Over the past few years, more than a dozen stalkerware makers are known to have been hacked, left data exposed, or otherwise compromised data on people’s phones – including mSpy, Mobistealth, Flexispy, and Family Orbit. Another stalkerware, KidsGuard, had a security hole that exposed the phone data of thousands of people, and more recently pcTattleTale, which claims to be able to spy on a spouse’s device, was leaking screenshots via easily guessed web addresses.

Federal regulators are starting to take this into account. In September, the Federal Trade Commission banned SpyFone, a stalkerware application that also exposed the phone data of more than 2,000 people, and was ordered to notify victims that their phones had been hacked. This is the second action taken by the FTC against a spyware maker; the first was Retina-X, after the company was hacked several times and ultimately shut down.


If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides free, confidential 24/7 assistance to victims of domestic violence. If you are in an emergency, call 911. The Coalition Against Stalkerware also has resources if you suspect your phone has been compromised by spyware. This reporter can be reached on Signal and WhatsApp at +1 646-755-8849 or [email protected] by email.

Source link

About Dora Kohler

Check Also

Netlify Web Content Creation Platform Raises $ 105 Million

Leave him OSS Company Newsletter guide your open The source journey! Register here. Netlify, a …

Leave a Reply

Your email address will not be published. Required fields are marked *