Stalkerware apps, marketed to jealous partners for remotely accessing victims’ phones, are proving to be a massive security risk. Since 2017, at least 27 stalkerware companies, including uMobix in a recent data spill, have been hacked or have leaked customers’ and victims’ data online, exposing sensitive personal information. This troubling trend highlights the dangers of using such software, which puts both the users and their targets at risk.
Key Takeaways
- Since 2017, at least 27 stalkerware companies have experienced hacks or data leaks, exposing the personal data of both customers and their victims.
- The uMobix data leak involved a hacktivist scraping the payment information of over 500,000 customers and publishing it online, highlighting the ease with which this data can be compromised.
- Despite the risks, some stalkerware companies rebrand and reappear after being shut down, demonstrating the persistent nature of this unethical industry.
- Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, notes that stalkerware is part of a larger world of tech-enabled abuse, indicating the complex nature of the problem.
Why Are Stalkerware Apps Such a Security Risk?
Stalkerware apps, such as uMobix, SpyX, and Cocospy, are marketed as solutions for catching cheating partners, encouraging illegal and unethical behavior. However, the developers often fail to implement adequate security measures to protect the sensitive data they collect. This makes them “soft targets” for hackers, according to Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. The types of data exposed in these breaches include messages, photos, call logs, and location data, which can have severe consequences for victims. The Coalition Against Stalkerware provides resources for individuals who believe their devices have been compromised.
The lack of security in stalkerware apps can be attributed to several factors. First, the developers may not prioritize security due to a lack of concern for the quality of their product. Second, the apps often collect a wide range of sensitive data, making them attractive targets for hackers. Finally, the industry operates in a legal gray area, which may discourage developers from investing in robust security measures. As a result, users of these apps are not only engaging in unethical and potentially illegal behavior but also putting their own data and the data of their victims at risk.
What Can Be Done to Combat Stalkerware?
Combating stalkerware requires a multi-faceted approach involving legal action, increased security measures, and public awareness campaigns. The Federal Trade Commission (FTC) has taken action against stalkerware companies like SpyFone, banning them from operating in the surveillance industry. However, more legal action is needed to deter others from engaging in this unethical practice. Security firms, like Malwarebytes, are working to detect and remove stalkerware from infected devices, but the industry continues to evolve, requiring constant vigilance.
Raising public awareness about the dangers of stalkerware is crucial. Many people may not realize that using these apps is not only unethical but also puts their data at risk. By educating the public about the risks, it may be possible to reduce the demand for stalkerware and make it more difficult for these companies to operate. Parents should also be aware of the risks of using stalkerware to monitor their children and consider safer, more transparent alternatives like Apple’s and Android’s built-in parental control features.
Products/Companies Mentioned
- uMobix — Stalkerware app, recently hacked, exposing payment information of over 500,000 customers.
- Electronic Frontier Foundation (EFF) — Non-profit defending civil liberties in the digital world, fights against stalkerware.
- Federal Trade Commission (FTC) — U.S. agency that banned SpyFone for security lapses exposing victims’ data.
- Malwarebytes — Security firm detecting and removing stalkerware from infected devices.
- Coalition Against Stalkerware — Provides resources for individuals who believe their devices have been compromised.
What This Means
- For consumers/users: Using stalkerware apps puts your personal data and the data of your targets at risk due to frequent security breaches and data leaks.
- For businesses/enterprises: The stalkerware industry highlights the importance of robust security measures and ethical data handling practices to protect sensitive information.
- For the tech industry: Increased vigilance is needed to detect and combat stalkerware, as these apps continue to evolve and pose a threat to individual privacy and security.
Source: techcrunch.com
