FTC bans spyware maker SpyFone and orders it to notify hacked victims

The Federal Trade Commission voted unanimously to ban spyware maker SpyFone and its CEO Scott Zuckerman from the surveillance industry, the first such request, after the agency accused the company of collecting mobile data from thousands of people and leaving it on the open Internet.

The agency said SpyFone “secretly collected and shared data on people’s physical movements, phone use, and online activities through a stealth device hack,” allowing the spyware buyer “to see the device’s live location and view the device user’s emails and video chats.”

SpyFone is one of many “stalkerware” applications that are marketed under the guise of parental control, but are often used by spouses to spy on their partners. Spyware works by surreptitiously installing itself on someone’s phone, often without their permission, to steal their messages, photos, web browsing history, and real-time location data. The FTC also reported that the spyware maker exposed victims to additional security risks because the spyware runs at the “root” level of the phone, allowing the spyware to access prohibited parts of the device’s operating system. A premium version of the app included a keylogger and “live screen display,” says the FTC.

But the FTC said that SpyFone’s “lack of basic security” exposed the data of those victims, due to an unsecured Amazon cloud storage server that was spilling the data that its spyware collected from the phones of more than 2,000 victims. SpyFone said it partnered with a cybersecurity firm and law enforcement to investigate, but the FTC says it never did.

In practice, the ban means that SpyFone and its CEO Zuckerman are prohibited from “offering, promoting, selling or advertising any surveillance application, service or business,” making it difficult for the company to operate. But FTC Commissioner Rohit Chopra said in a separate statement that stalkerware makers should also face criminal penalties under US hacking and wiretapping laws.

The FTC also ordered the company to delete all data it collected “illegally” and, also for the first time, notify victims that the app was secretly installed on their devices.

In a statement, FTC Consumer Protection Chief Samuel Levine said, “This case is an important reminder that surveillance-based businesses pose a significant threat to our security.”

The EFF, which launched the Coalition Against Stalkerware two years ago, a coalition of companies that detects, fights and raises awareness about stalkerware, praised the FTC’s order. “Now that the FTC is focused on this industry, victims of stalkerware can begin to find comfort in the fact that regulators are beginning to take their concerns seriously,” EFF’s Eva Galperin and Bill Budington said in a blog post.

This is the FTC’s second order against a stalkerware maker. In 2019, the FTC settled with Retina-X after the company was hacked multiple times and eventually shut down.

Over the years, several other stalkerware makers were hacked or inadvertently exposed their own systems, including mSpy, Mobistealth, and Flexispy. Another stalkerware maker, ClevGuard, left thousands of hacked victim phone details on an exposed cloud server.


If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides free, confidential 24/7 support to victims of domestic abuse and violence. If you are in an emergency situation, call 911.

Did you get a notification and want to tell your story? You can contact this reporter on Signal and WhatsApp at +1 646-755-8849 or [email protected] by email.


