Spyware, software used for collect information on people’s activities online without their knowledge, they are a known topic and are tools used by governments to control movements deemed worthy of attention.
The novelty is that software called stalkerware is becoming more popular spyware that can be purchased for a few tens of euroswhich allow anyone to control the mobile devices of their victims: there are those who want to control their partner, parents who want to keep an eye on their children, even overly intrusive employers.
They are applications that transmit all kinds of information without the victim realizing it: phone calls, text messages, instant messaging apps, photos, browser history, email and location of the telephone; they work non-stop and in the background, i.e. the victim has no way of noticing anything strange just by looking at the smartphone display.
Safety
Taser, bodycam and artificial intelligence: the hi-tech future of the Italian police
by Emanuele Capone
The phenomenon is not new
In fact, stalkerware has been around for years, so much so that in October 2021 an exploit (a vulnerability) was used to hack one of these software and steal data from thousands of people. I’m applications that have been on the market for years and on which we return today due to their spread which, subject to the lockdown period imposed by the coronavirus, is growing.
It is not only used across the ocean, so much so that the security company Kaspersky Lab provides an annual report through which it monitors the spread of stalkerware. The 2020 edition of the report indicates that, globally, the victims were 53,870less than the 67,500 in 2019. This decline, not structural, is due to the lockouts that have occurred practically everywhere in the world: if controlling and controlled have remained under the same roof, the need for control has decreased.
If Kaspersky relied on proprietary research, TechCrunch reporters have launched a broader investigationestimating that the vulnerability identified in October has compromised at least 400 thousand devices in the world, also identifying 9 apps that act in the exact same way and therefore attributable to a small group of developers: sono Copy9, ExactSpy, FoneTracker, GuestSpy, iSpyooMxSpy, SecondClone, TheSpyApp e TheTruthSpy.
All these applications they have the same graphical interface and allow the parent to access a web page on which all data transmitted by the controlled’s mobile devices are collected.
They are mostly apps written and developed protected by the most basic security parameters and full of bugs, so much so that those who produce them have fallen victim to their own grossness. The most encountered flaws concern the bugs defined Idor (the acronym stands for Insecure direct object references), vulnerabilities in access control which, in the specific case and translated in a simple way, allows those who have the ability to also access the data collected by other parent companies. Normally these gaps can be filled directly on the servers, without the need to update the applications.
They are applications developed by organizations that are difficult to find, whose sites can be traced back to companies that no longer exist, like the case of Jexpa which, despite having been struck off the US trade registers in 2009, is still alive and well (and hidden). TechCrunch’s research led to a Vietnamese company called 1Byte.
They are not just numbers
The spread of stalkerware is obviously important, but it is often a sign, an indication of a more serious problem, a sort of digital extension of an oppressive and violent attitude victims are subjected to in everyday life.
According to Kaspersky Lab, 6% of the Italians interviewed admitted to having used a stalkerware and partner monitoring activities would be morally acceptable to 26% of respondents; this data is, among other things, coupled with the 24% of partners who suspect they are victims of digital intrusiveness.
The case
Spy software, the Pegasus scandal eventually broke out in Israel as well
by Arturo Di Corinto
How to defend yourself: the first steps
Stalkerware belong more to the world Android than to that iOSbecause Cupertino’s privacy policies are more stringent, as are the controls carried out on apps before allowing them to be published on the Apple Store.
There are precautions that can be taken regardless: considering that these apps must be installed on the victim’s device, it is advisable do not leave your smartphone unattended and, in any case, protect it with a pin where it is not already necessary to unlock it with a fingerprint or face recognition.
It goes without saying that, by transmitting data to servers, internet traffic is affected and therefore, in front of what they seem to be abnormal consumption, it would be necessary to investigate further. Likewise, these apps tend to consume battery abnormally and, last but not least, processor and RAM workloads heat up the device.
There are many on the digital stores of Google and Apple applications that can detect the presence of many stalkerware, but there is a risk that the parent will be notified of the removal of the app on the controlled device. There are better solutions that require higher technical knowledge, but (it should be remembered) if you are a victim of stalkerware you must ignore it so as not to initiate a violent reaction from the parent and contact the police or to specific associations, including Women on the Net against Violence. Erasing the trace of stalkerware on your devices can also coincide with erasing the evidence of the violence suffered, therefore it is advisable to contact the authorities as soon as possible.