If you are horrified by the idea that a stalker is watching your every move, think of the same crime happening as you use your smartphone. Apparently, hackers can take advantage of a security flaw in consumer-grade spyware.
Security issues plaguing such spyware, called "stalkerware," have led to call records, geolocations, browsing history, text messages and photos being exposed to cybercriminals, TechCrunch revealed.
TechCrunch discovered the security issue during a continuing probe into an available spyware product, which it did not name so that other hackers can't exploit the flaw.
The app has the ability to track and monitor people without their consent. The stalkerware sifts through the phone's contents, allowing whoever installed it to monitor the phone owner's whereabouts and the people they communicate with. These compromised phone users would have no idea that they are being stalked, because the apps are designed to vanish from the phone's home screen to elude detection and deletion.
Stalkerware Developers 'Negligent' in Securing Products
Electronic Frontier Foundation director of cybersecurity Eva Galperin expressed disappointment over TechCrunch's discovery, but said she was "not slightly surprised." Galperin told TechCrunch that she would describe this behavior as "negligent," saying that a company that has already developed products that enable abuse would then do a "poor job" of safeguarding the extracted data, exposing victims to even further abuse.
TechCrunch also revealed that it had tried to contact the web firm Codero, which hosts the spyware infrastructure, but the company did not respond to the news outlet's request for comment. The report said Codero was no stranger to stalkerware, having hosted Mobiispy, which was discovered to have exposed a massive amount of private photos and phone recordings.
Such downloadable, easy-to-access spyware led to an industry-wide initiative to ban such apps. Google pulled "stalkerware" ads that encourage users to spy on spouses and significant others, although some developers had come up with new tactics to circumvent the ban. In addition, anti-virus software providers have enhanced their products to spot stalkerware.
Mobile spyware built to spy on phone users has itself grappled with security problems. Several stalkerware packages have reportedly been hacked, leaving the victims' phone data compromised and exposed. TechCrunch revealed that the hacked spyware products included mSpy, Mobistealth, Flexispy, Family Orbit, and KidsGuard, which had security flaws that spilled thousands of users' phone data.
Another stalkerware package, pcTattletale, which has been marketed as a tool to spy on a spouse's device, leaked screenshots through easily obtainable web addresses.
The U.S. Federal Trade Commission (FTC) had also banned the stalkerware app SpyFone, which compromised the phone data of 2,000 users, and Retina-X, after it had been hacked several times and was shut down.
Tips to Protect Yourself Against Stalkerware
Here are some self-defense tips on detecting and avoiding stalkerware, as shared by Galperin, who founded the Coalition Against Stalkerware, as noted in The New York Times:
Check for unusual behavior on your device: A fast-draining battery is one sign of potential malware. It could mean stalkerware is running in the background.
Scan your smartphone/device: Apps such as NortonLifeLock, Lookout, Certo, and Malwarebytes could detect stalkerware. Also, observe your apps for any unusual behavior.
Seek help: Report the stalkerware to authorities while getting advice from resources such as the National Domestic Violence Hotline or the Safety Net Project, hosted by the National Network to End Domestic Violence.
Audit online accounts: Check the apps and devices that are linked to them. Log out from those apps that appear suspicious.
Change your passwords/passcodes: Changing passwords and passcodes frequently is highly recommended, with long and complex passwords for each account.
Enable two-factor authentication: Requiring two forms of verification of your identity is ideal to protect the accounts on your device. Apart from a password, it will ask you to enter a temporary code produced by an authentication app. With this, even if hackers figure out your password, they can't log in without that code.
Update your software: Apple and Google send out important updates, such as security fixes that can detect and remove stalkerware. Check if you are running the latest version of your mobile OS.