Spyware maker Spyfone and CEO Scott Zuckerman have been barred from the surveillance business by the Federal Trade Commission after failing to protect customers’ devices from hackers and sharing information on their location and activities.
Stalkerware technology lets third parties to monitor a user’s mobile device without their knowledge and collect sensitive data like location and online behavior, which can be exploited for malicious purposes.
These technologies can lead to “gender-based and domestic violence, harassment, and sexual abuse,” according to the Coalition Against Stalkerware.
SpyFone and its CEO Scott Zuckerman have now been barred by the Federal Trade Commission amid charges that the stalkerware app company secretly collected and exchanged data on people’s physical movements, phone use, and online activity through a hidden device breach. Stalkers and domestic abusers could track possible targets of their violence via the company’s applications, which sold real-time access to their hidden surveillance.
SpyFone’s lack of basic protection also exposed device owners to hackers, identity thieves, and other vulnerabilities. The information acquired by the stalkerware was fully exposed to hackers while it was running on owners’ devices without their knowledge.
An Amazon S3 bucket containing several gigabytes of data stolen from more than 3,600 devices, including text messages, images, audio recordings, and the users’ browsing history, was discovered in August 2018 following a data breach triggered by Spyfone.
Spyfone’s backend services could also be accessed without credentials, allowing for the creation of admin accounts and access to client data, according to the disclosed database.
The FTC claimed that while Spyfone assured customers that the company would engage with law enforcement and an outside data security firm to investigate the incident, it failed to do so. As part of a proposed settlement [PDF], the FTC now requires Support King, the firm behind Spyfone, to warn owners of devices on which its apps were installed that their devices had been monitored and were probably no longer secure.
Spyfone and its CEO, Scott Zuckerman, would also be required to destroy any information obtained illegally through the use of spyware applications.
This case demonstrates that firms that rely on surveillance represent a substantial threat to public safety and security.
You might also like: