fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FTC Bans Stalkerware Maker Spyfone from Surveillance Business

FTC Bans Stalkerware Maker Spyfone from Surveillance Business

FTC bans stalkerware maker Spyfone from surveillance business

FTC has banned stalkerware maker Spyfone and CEO Scott Zuckerman from the surveillance business after failing to protect customers’ devices from hackers and sharing info on their location and activity.

Stalkerware tech allows third parties to monitor your mobile device without your knowledge and collect sensitive info related to your location and online activity, which can be used for blackmail or other malicious purposes.

Such tools can lead to “gender-based and domestic violence, harassment and sexual abuse,” according to the Coalition Against Stalkerware.

Ban comes after 2018 data breach

“Today, the Federal Trade Commission banned SpyFone and its CEO Scott Zuckerman from the surveillance business over allegations that the stalkerware app company secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack,” the FTC said today.

“The company’s apps sold real-time access to their secret surveillance, allowing stalkers and domestic abusers to stealthily track the potential targets of their violence. SpyFone’s lack of basic security also exposed device owners to hackers, identity thieves, and other cyber threats.

As Samuel Levine, Acting Director of the FTC’s Bureau of Consumer Protection, explained, while the stalkerware was running on owners’ devices without their knowledge, the information it collected was fully exposed to hackers.

Levine referred to a data breach revealed in August 2018 caused by Spyfone leaving an Amazon S3 bucket containing several terabytes of data harvested from more than 3,600 devices, including text messages, photos, audio recordings, and the users’ web history.

The security researcher who discovered the exposed database also found that Spyfone’s backend services could also be accessed without credentials, making it possible to create admin accounts and gain access to customer data.

Eva Galperin, Electronic Frontier Foundation’s director of cybersecurity, told Motherboard, who first reported the breach, that “Spyfone appears to be a magical combination of shady, irresponsible, and incompetent.”

While Spyfone promised customers that it would work with law enforcement authorities and an outside data security firm to investigate the breach, the FTC said it failed to follow through.

Also Read: 4 Reasons Why You Need An Actively Scanning Antivirus Software

Stalkerware victims to be alerted their devices are not secure

As part of a proposed settlement, the FTC now requires Support King (the company behind Spyfone) to notify the owners of devices on which its apps were installed that their devices were monitored and likely no longer secure.

Spyfone and its CEO Scott Zuckerman will also have to delete any info illegally collected using the stalkerware apps.

“This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security,” Levine added today.

“We will be aggressive about seeking surveillance bans when companies and their executives egregiously invade our privacy.”

Second time FTC took action against stalkerware

In October 2019, the FTC also blocked Retina-X Studios (Retina-X) from selling three stalkerware mobile apps (MobileSpy, PhoneSheriff, and TeenShield) unless they were used for legitimate purposes.

Retina-X stopped selling its apps in 2018 before the FTC settlement after its cloud storage was breached twice using unencrypted account credentials in February 2017 and with the help of ‘obfuscated’ credentials one year later.

The hacker stole data collected using the PhoneSheriff and TeenShield apps, “including login usernames, encrypted login passwords, text messages, GPS locations, contacts, and photos.”

Also Read: 5 Types of Ransomware, Distinguished

Before Retina-X stopped selling the three stalking apps, it managed to get customers to pay for 15,000 subscriptions (5,700+ for MobileSpy, 4,600+ for PhoneSheriff, and over 5,000 for TeenShield) in total for all three apps.

FTC is not the only one who took action against stalkerware. Google updated its Google Ads Enabling Dishonest Behavior policy to globally ban advertising for spyware and surveillance technology starting with August 11, 2020.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us