Security researcher Cian Heasley discovered an unprotected, web-accessible online storage folder containing all the data that stalkers and snoops took from their victims’ devices using a commercial program that steals photos and recordings.
Included in the leak are 3.7GB of MP3 recordings (25,000 in total) of personal phone calls and 16GB of images (95,000 in total), including very sensitive and personal images.
Both Heasley and Motherboard have repeatedly contacted the stalkerware company to alert them to the breach, but have not received a response. Out of an abundance of caution, Motherboard has not named the company while its customers’ victims’ data is exposed.
Stalkerware companies (previously) market their products to jealous spouses, employers, parents, and even law enforcement. As you might expect from companies engaged in such unethical conduct, these firms are notorious for their bad security, and frequently breach all their customers’ victims’ data. Motherboard has covered 12 different vendors’ breaches in just the past two years: “Retina-X (twice), FlexiSpy, Mobistealth, Spy Master Pro, SpyHuman, Spyfone, TheTruthSpy, Family Orbit, mSpy, Copy9, and Xnore.”
The exposed database was found by security researcher Cian Heasley, who contacted us when he found it earlier this year. The database is still online, and has been online for at least six weeks. Pictures and audio recordings are still being uploaded to it nearly every day. We won’t name the company to protect the victims who may be getting spied on without their consent or knowledge, and—on top of that—are having their pictures and calls uploaded to a server open to anyone with an internet connection.
We have spent weeks trying to ethically disclose this vulnerability to the company and to get the private images secured. We reached out to the company’s official contact email, displayed on its site. No answer. We reached out to the Gmail address of the site’s administrator, who also appears to be the company’s founder. No answer. We left a voicemail to a Google Voice number listed on the site’s WHOIS details. No answer.
This Spyware Data Leak Is So Bad We Can’t Even Tell You About It [Lorenzo Franceschi-Bicchierai/Motherboard]
(via Ben Watts, CC-BY)