We've been covering the grimy, sleazy stalkerware industry for years, and so it's nice to see that the FTC is finally taking action against the worst of the worst actors — pity that they're still getting it wrong, as EFF's Gennie Gebhart and Eva Galperin explain in this Deeplinks post that I've mirrored below.
Stalkerware — spyware sold to people as a means of keeping tabs on their romantic partners, kids, employees, etc — is a dumpster fire of terrible security (compounded by absentee management), sleazy business practices, and gross marketing targeted at abusive men who want to spy on women.
Eva Galperin is one of my colleagues at the Electronic Frontier Foundation, running our Threat Lab project, where she has made it her personal mission to eradicate stalkerware: malicious software marketed to abusive spouses, overbearing parents, and creepy employers, which runs hidden on mobile devices and allows its owner to spy on everything his target is doing ("Full access to someone's phone is essentially full access to someone's mind" -Eva).
Security researcher Cian Heasley discovered an unprotected online storage folder accessible via the web that contains all the data that stalkers and snoops took from their victims' devices via a commercial program that steals photos and recordings from their devices.
Retina-X sold a bunch of spyware apps (PhoneSheriff, TeenShield, SniperSpy and Mobile Spy) that they advised parents to sneak onto their kids' devices, jealous men to sneak onto their girlfriends' devices, and bosses to sneak onto their employees' devices, in order to covertly track their location data, steal their photos and videos, and spy on calls, keystrokes and texts.
It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other people's phones (including their kids' phones) by installing the spying apps Phonesheriff on them.
Flexispy is the creepy stalkerware advertised to abusive spouses and exes that Motherboard's Joseph Cox has been relentlessly tracking; when he acquired a leaked trove of the company's files, he started to mine it to see who was buying the potentially illegal app.
Flexispy (previously) is the creepy, sketchy stalkerware company that makes tools that allow jealous, abusive spouses to track their partners, and then hides their profits in offshore money-laundries.
Motherboard's Joseph Cox continues his excellent reporting on Flexispy, a company that makes "stalkerware" marketed to jealous spouses through a network of shady affiliates who feature dudes beating up their "cheating girlfriends" after catching them by sneaking spyware onto their devices.
Two hackers supplied Motherboard with 130,000 account details hacked from Retina-X and FlexiSpy, who market covert surveillance tools to jealous spouses and nervous parents — tools that are intended to be covertly installed on their laptops and mobile devices in order to tap into their keystrokes, mics, calls, stored photos and other capabilities.
For $170, Motherboard's Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target's phone (the software's manufacturer sells passcode-defeating apps that help you do this); once it's loaded, you activate it with an SMS and then you can covertly operate the phone's mic, steal its photos, and track its location.
Hammad Akbar, a Pakistani national and CEO of Invocode, marketers of Stealthgenie, was arrested in LA on Saturday and charged with a variety of offenses related to making, marketing and selling "interception devices."
GPT-3 is a machine-learning trained language model that generates text based on a text prompt. Cory Doctorow has been playing around with a closed-beta implementation of Sudowrite, which he describes as a "GPT3-based text generator for fiction writers. You give it characters, plot summaries, dialogue, or twist endings," and Sudowrite generates one or more paragraphs of text based on that.
An Australian woman's creepy, violent ex-boyfriend hacked her phone using stalkerware, then used that, along with her car's VIN number, to hack the remote control app for her car (possibly Landrover's Incontrol app), which allowed him to track her location, stop and start her car, and adjust the car's temperature.
Since the 1990s, governments around the world have waged war on working encryption, arguing that "civilians" should be limited to using crypto with known defects that allow it to be broken, so that "good guys" can chase "bad guys."
Life360 is an app that lets you track a mobile phone user in fine-grained, realtime detail, with options to set alerts for things like "is this person exceeding the speed limit?" It's widely used by parents to track their teens, and this seems to be the summer where it comes into its own, with millions of families around the world relying on it to act as a kind of remote leash for their kids.
Chrome security engineer and EFF alumna Chris Palmer's State of Software Security 2019 is less depressing than you might think: Palmer calls out the spread of encryption of data in transit and better signaling to users when they're using insecure connections (largely attributable to the Let's Encrypt project); and security design, better programming languages and bug-hunting are making great strides.
Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked.
85% of domestic violence shelters work with women who have been GPS-tracked by their abusers; 75% have clients who were attacked with hidden mobile surveillance apps; cops routinely steal and share nude selfies from the phones of women pulled over in traffic stops, and NSA spies used the agency's massive, illegal surveillance apparatus to stalk women they were sexually attracted to, a practice that was dubbed "LOVEINT."