This Week in Security: Stalkerware, Spearphishing, and Stoplights

Keeping an Eye on Stalkerware

Last week, hackers identifying themselves as “The Decepticons” hacked into “stalkerware” providers FlexiSPY and Retina-X. FlexiSPY and Retina-X sell their Spyware-as-a-Service (SaaS) to consumers for the purpose of spying on a family member’s phone. These consumer-grade spyware products are just as capable as their government and law-enforcement editions, allowing a user to eavesdrop on a call, capture photos, read messages, view browser history, and even track movement via GPS.

Taking a step back, it’s quite frightening to evaluate how central smartphones are in our day-to-day activities: we use them for everything from sending and receiving e-mails and messages, recording audio and video, and tracking our own movements via apps like Fitbit and Google Maps, to conducting financial transactions and even authenticating our logins via a soft token or text message (SMS). In short, our smartphones are pocket-sized surveillance devices we all willingly carry with us everywhere we go, in exchange for the daily conveniences such devices offer us.

However, a compromised smartphone provides a veritable treasure trove of information for an attacker. Victims of domestic abuse routinely discover stalkerware and spyware surreptitiously installed on their smartphones by their abuser.

The “Decepticons” continued throughout the weekend to release a stream of internal documents, source code, and binaries, capping it off with a ‘how-to guide’ describing how they infiltrated FlexiSPY’s internal network.

Now if all this sounds familiar, it’s probably because this is merely another incident in a series of hacks targeting spyware providers such as Gamma Group, HackingTeam, and Cellebrite.

The primary vulnerability in FlexiSPY’s network? A default password (test:test) and password reuse across the network (root:tcpip123). I guess they didn’t take our advice week after week about using a password manager, not re-using passwords, changing default passwords, and (Read more...)
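As an added defender-side illustration (this is not code from the post or from Cylance), the script below audits a credential inventory for the two weaknesses named above: well-known default username/password pairs, and a single password shared across several hosts. The inventory, the host names, and the default-credential list are all constructed for the example; only the test:test pair comes from the post. A real audit would read the inventory from a vault or configuration export rather than a hard-coded list, and the report deliberately carries a keyed fingerprint instead of the plaintext password.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed inventory: (host, service, username, password).
# Hosts and passwords are made up for this example.
INVENTORY = [
    ("web-01",  "ssh",  "root",   "tcpip123"),
    ("db-01",   "ssh",  "root",   "tcpip123"),
    ("jump-01", "ssh",  "root",   "tcpip123"),
    ("qa-01",   "http", "test",   "test"),
    ("web-02",  "ssh",  "deploy", "zq8!Lw2#vR9pA"),
]

# Well-known default pairs to flag. test:test is the pair named in the post;
# the others are placeholders a team would replace with its own vendor list.
DEFAULT_CREDENTIALS = {
    ("test", "test"),
    ("admin", "admin"),
    ("root", "root"),
}


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest of a password. Equal passwords map to equal fingerprints,
    so reuse can be grouped, but the report never contains plaintext and the
    key is discarded when the audit run ends."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def audit(inventory, defaults=DEFAULT_CREDENTIALS, key=None):
    """Return a report with two finding types:
    - default_credentials: (host, service, user) entries using a default pair
    - reused_passwords: sorted lists of hosts sharing one password
    """
    key = key or os.urandom(32)
    default_hits = []
    users_by_fp = defaultdict(list)

    for host, service, user, password in inventory:
        if (user, password) in defaults:
            default_hits.append((host, service, user))
        users_by_fp[fingerprint(password, key)].append((host, service, user))

    reuse_groups = []
    for uses in users_by_fp.values():
        hosts = sorted({host for host, _, _ in uses})
        # One password on one host is fine; the same password on several
        # hosts means one leaked credential opens all of them.
        if len(hosts) > 1:
            reuse_groups.append(hosts)

    return {
        "default_credentials": default_hits,
        "reused_passwords": sorted(reuse_groups),
    }


if __name__ == "__main__":
    report = audit(INVENTORY)
    for host, service, user in report["default_credentials"]:
        print(f"DEFAULT CREDENTIAL: {user}@{host} ({service})")
    for hosts in report["reused_passwords"]:
        print(f"PASSWORD REUSED ACROSS: {', '.join(hosts)}")
```

Run against the constructed inventory, the report flags the test:test account on qa-01 as a default credential and groups web-01, db-01 and jump-01 as sharing one root password; the deploy account on web-02 produces no finding.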

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Research and Intelligence Team. Read the original post at: