After the Federal Trade Commission accused SpyFone of harvesting the mobile data of thousands of individuals and leaving the information on the internet, it unanimously decided to ban Scott Zuckerman, chief executive of SpyFone, from the surveillance sector. This was the first such order.
SpyFone was “secretly harvesting and sharing data on people’s physical movements and phone usage through a hidden hack,” according to the agency. This allowed the spyware buyer to see the device’s location, view its emails, video chats, and even access the user’s email addresses.
SpyFone, one of the many “stalkerware” applications that claim to be parental control are used often by spouses for spying on their partner. SpyFone is a spyware that can be installed secretly on someone’s smartphone, sometimes without their consent, in order to steal messages, photos and web browsing history. It also allows for real-time location data. FTC also claimed that victims were exposed to security threats because spyware is installed at the root level of the phone. This allows spyware to gain access to restricted parts of the operating system. The FTC stated that the premium app contained a keylogger as well as “live screen viewing”.
But the FTC said that SpyFone’s “lack of basic security” exposed those victims’ data, because of an unsecured Amazon cloud storage server that was spilling the data its spyware was collecting from more than 2,000 victims’ phones. SpyFone claimed it had partnered with law enforcement and a cybersecurity company to investigate. However, the FTC claims that it didn’t.
SpyFone CEO Zuckerman and SpyFone are prohibited from selling, marketing, advertising or advertising any surveillance apps, services, or businesses. This makes it more difficult for SpyFone to continue operating. In a separate statement, Rohit Chopra, FTC Commissioner, stated that stalkerware manufacturers should face criminal sanctions as a result of U.S. wiretap and computer hacking laws.
FTC also directed the company to erase all data that it had “illegally” collected and notify the victims, for the first-ever, of the fact that the app was secretly installed on the victim’s devices.
In a statement, the FTC’s consumer protection chief Samuel Levine said: “This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security.”
EFF launched Coalition Against Stalkerware in 2012, a group of companies who detect, combat and raise awareness about stalkerware. “With the FTC now turning its focus to this industry, victims of stalkerware can begin to find solace in the fact that regulators are beginning to take their concerns seriously,” said EFF’s Eva Galperin and Bill Budington in a blog post.
The FTC has now issued a second indictment against the stalkerware manufacturer. In 2019, the FTC settled with Retina-X after the company was hacked several times and eventually shut down.
Many other stalkerware manufacturers were either hacked, or accidentally exposed their systems over the years. These included mSpy and Mobistealth as well as Flexispy. Another stalkerware maker, ClevGuard, left thousands of hacked victims’ phone data on an exposed cloud server.
The National Domestic Violence Hotline (800-799-7233), provides confidential, 24/7 support for victims of domestic violence and abuse. Call 911 if you’re in an urgent situation.
You received a notification. Would you like to share your story? You can contact this reporter on Signal and WhatsApp at +1 646-755-8849 or [email protected] by email.
Publited at Thu, 2 Sep 2021 13.00:07 +0000