As you might imagine, Spyfone is a company that offers to spy on other peoples' phones for you: its major market is parents and bosses who infect and surveil the phones their kids/minions use, peeking on their texts, emails, Facebook messages, passwords, photos, browsing history, etc.
Spyfone is, in the words of my EFF colleague Eva Galperin, "a magical combination of shady, irresponsible, and incompetent." A security researcher has discovered that Spyfone maintains an unencrypted, unprotected Amazon S3 bucket in which it stores all the personal data it has harvested from thousands of its victims.
The company also failed to protect one of its APIs, so that anyone who guessed an easy-to-derive URL could monitor the data of new customers as they were added.
Spyfone's reckless incompetence exposed 2,208 peoples' most personal data, from 3,666 devices, as well as 44,109 unique email addresses.
The data exposed included selfies, text messages, audio recordings, contacts, location, hashed passwords and logins, Facebook messages, among others, according to a security researcher who asked to remain anonymous for fear of legal repercussions.
Last week, the researcher found the data on an Amazon S3 bucket owned by Spyfone, one of many companies that sell software that is designed to intercept text messages, calls, emails, and track locations of a monitored device.
Motherboard was able to verify that the researcher had access to Spyfone’s monitored devices’ data by creating a trial account, installing the spyware on a phone, and taking some pictures. Hours later, the researcher sent back one of those pictures.
Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online [Lorenzo Franceschi-Bicchierai/Motherboard]
The Boeing 737 Max is out of service around the world, following a fatal crash of an Ethiopian Airlines and an Indonesian Lion Air flight and there is intense investigation and speculation as to the cause of the crash.
Willie Cade's grandfather Theo Cade was one of John Deere's most storied engineers, with 158 patents to his name; he invented the manure spreader and traveled the country investigating stories of how farmers were using, fixing, modifying and upgrading their equipment; today, Willie Cade is the founder of the Electronics Reuse Conference, having spent a […]
Some 1,600 people were secretly livestreamed while staying in South Korean motel rooms where cameras had been hidden by criminals who operated a 4,000-user service for voyeurs, where a $45/month upcharge bought subscribers the right to access replays and other extra services.
Got a vision to put on film? The Film & Cinematography Mastery Bundle shows you how to put it there, with classes covering gear, lighting, production – even marketing. Even in this age of indie cinema, filmmaking can seem like an exclusive world for the chosen few. But with the right eye – and the […]
If you’re into tech at all, you should definitely consider unleashing your inner tinkerer on a Raspberry Pi board. If you’re intimidated, don’t be. It’s a statistical probability that people half your age have created cooler things than you can imagine with the versatile kit. Not sure where to start? The Complete Raspberry Pi 3B+ […]
Are you super organized? You’re going to love the Genius Pack G4 and its seemingly limitless, well-placed compartments. Not that organized? You’re still going to love this piece of luggage because it’s so well thought out that it practically does the packing for you. We’ve all tried to stuff a piece of carry-on so full […]