Cyber Security

FTC bans stalkerware maker Spyfone from surveillance business

0

The Federal Trade Commission has banned stalkerware maker Spyfone and CEO Scott Zuckerman from the surveillance business after failing to protect customers’ devices from hackers and sharing info on their location and activity.

Stalkerware tech allows third parties to monitor mobile devices of the user without their knowledge and collect sensitive information such as location and online activity, that can be used for any malicious purposes.

These kinds of tools can lead to “gender-based and domestic violence, harassment and sexual abuse.”

Now the Federal Trade Commission has banned SpyFone and its CEO Scott Zuckerman over allegations that the stalkerware app company secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack.

The company’s apps sold real-time access to their secret surveillance, allowing stalkers and domestic abusers to stealthily track the potential targets of their violence.

SpyFone’s lack of basic security also exposed device owners to hackers, identity thieves, and other cyber threats. While the stalkerware was running on owners’ devices without their knowledge, the information it collected was fully exposed to hackers.

A data breach revealed in August 2018 caused by Spyfone left an Amazon S3 bucket containing several terabytes of data harvested from more than 3,600 devices, including text messages, photos, audio recordings, and the users’ web history.

The exposed database also found that Spyfone’s backend services could also be accessed without credentials, making it possible to create admin accounts and gain access to customer data.

While Spyfone promised customers that it would work with law enforcement authorities and an outside data security firm to investigate the breach, the FTC said it failed to follow through.

As part of a proposed settlement, the FTC now requires Support King, the company behind Spyfone to notify the owners of devices on which its apps were installed that their devices were monitored and likely no longer secure.

Spyfone and its CEO Scott Zuckerman will also have to delete any info illegally collected using the stalkerware apps.

This case denotes that surveillance-based businesses always pose a significant threat to the safety and security.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    WhatsApp Photo Filter bug could have led to user data exposure

    Previous article

    Latest Atlassian Confluence flaw exploited to breach Jenkins Project Server

    Next article

    You may also like

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *