Hard News Hard Hitting News Source Global Political News

‘Stalkerware’ vendor SpyFone barred from surveillance market, FTC announces

The US Federal Trade Commission (FTC) has banned a spyware developer and its CEO from operating in the surveillance market in a landmark decision hailed by anti-stalkerware campaigners.

The FTC alleges that the SpyFone app, which is marketed by Support King, allows “stalkers and domestic abusers to stealthily track the potential targets of their violence”, according to an FTC press release issued yesterday (September 1).

The app can be used to “surreptitiously monitor photos, text messages, web histories, GPS locations, and other personal information of the phone on which the app was installed without the device owner’s knowledge”, added the regulator.

The FTC also cited in its decision a “lack of basic security” that put victims’ data at further risk.

Support King and its CEO, Scott Zuckerman, will be barred from “offering, promoting, selling, or advertising any surveillance app, service, or business” under the proposed settlement (PDF).

The FTC has also ordered Support King “to delete the illegally harvested information and notify device owners that the app had been secretly installed”.

Oblivious victims

The SpyFone website pitches the app as a means to “watch over your children and family” and says that users “can only install Spy Phone App on phones you own or you have been given permission by the owner of the phone”.

However, the FTC says the company “provided instructions on how to hide the app so that the device user was unaware the device was being monitored”.

Moreover, some features necessitated giving snoopers ‘root’ access that “could void warranties and expose the device to security risks”.

The FTC also alleges Support King failed to encrypt victims’ personal information and transmitted purchasers’ passwords in plaintext.

Data leak

The FTC referenced a 2018 data leak in which an unprotected Amazon S3 bucket reportedly exposed several terabytes of unencrypted camera photos, among other data harvested from SpyFone installations.

Support King failed to fulfil a promise to investigate the incident with the help of law enforcement and external cybersecurity experts, said the consumer rights watchdog.

“SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information,” said Samuel Levine, acting director of the FTC’s Bureau of Consumer Protection.

“The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company’s slipshod security.”

Aggressive approach

The FTC sanctions against SpyFone mark “a significant change from the agency’s past approach,” said FTC Commissioner Rohit Chopra.

Issued in 2019, its previous, and only, stalkerware-related decision allowed spyware vendor Retina-X Studios and its owner to continue selling such applications, providing they introduced certain security and privacy safeguards.

However, Samuel Levine has now promised that the FTC “will be aggressive about seeking surveillance bans when companies and their executives egregiously invade our privacy”.

The Electronic Frontier Foundation (EFF), which helped to launch the Coalition Against Stalkerware in 2019, welcomed the decision.

“Victims of stalkerware can begin to find solace in the fact that regulators are beginning to take their concerns seriously,” the digital privacy non-profit said in a statement.

Security firm Kaspersky has previously revealed that 53,870 of its worldwide customers were affected by stalkerware in 2020.

Google banned all forms of stalkerware from its app store in October 2020.

Source: https://portswigger.net/daily-swig/stalkerware-vendor-spyfone-barred-from-surveillance-market-ftc-announces
