Stalkerware? Spouseware? Creepware? Just Call It Horrific
Trigger warning: domestic abuse; stalking
The Electronic Frontier Foundation (EFF) is stepping up its fight against stalkerware. It’s asking for help from AV vendors, phone platform makers and law enforcement.
Also known as spouseware and creepware, this vile trade is responsible for enabling all manner of frightening and dangerous abuse, from stalking to serious sexual assault. It’s no laughing matter.
It’s time to put an end to it. In today’s SB Blogwatch, we’re truly horrified.
Your humble blogwatcher curated these reports and reactions. Not to mention: Eva’s nemesis.
What’s happening? Here’s Andy Greenberg—“Hacker Eva Galperin Has a Plan to Eradicate Stalkerware”:
Galperin says she’s learned the signs: the survivors of domestic abuse [whose] tormentors seem to know everyone they’ve called, texted, and even what they discussed. … How their abusers seem to know where they’ve been and … turn up at those locations to menace them.
…
The reason … is because the abuser has deeply compromised the victim’s phone. … The stalker doesn’t have to be a skilled hacker; they just need easily accessible consumer spyware.
…
Galperin [has] a list of demands: First, she’s calling on the antivirus industry to finally take the threat of stalkerware seriously. … She’ll also ask Apple to take measures to protect iPhone users from stalkerware … (the company doesn’t allow antivirus apps). [And] she’ll call on state and federal officials to use their prosecutorial powers to indict executives of stalkerware-selling companies on hacking charges.
…
Her first win: … Kaspersky announced … it will make a significant change to how [it] treats stalkerware. [It] will now show its users an unmistakeable “privacy alert” for any of dozens of blacklisted apps, and then offer options to delete or quarantine them. … Once one company begins to call out consumer spyware … she argues, competition will drive the other antivirus firms to meet that standard.
…
Galperin set off on this mission a year ago, when she discovered that a security researcher she knew personally … had secretly sexually abused a string of women [and] had threatened to hack a victim’s devices as a means of control. … Galperin estimates that since then, she has devoted about a quarter of her work time to acting as a kind of one-woman IT help desk and therapist.
But is Kaspersky the first to move? Let’s ask Alfred Ng—“Kaspersky Lab will warn you”:
Antivirus apps are supposed to protect you from attacks on your devices, but for years, stalkerware has evaded their scrutiny. … In 2018, Kaspersky Lab detected stalkerware on 58,487 mobile devices. There’s likely much more out there.
…
Stalkerware … accesses personal data including GPS location, text messages, photos and microphone feeds. You don’t have to be an expert to get your hands on it — stalkerware is sold online.
…
Symantec, an antivirus company that owns Norton, said it also blocks spyware and stalkerware, which its software considers malicious. … A Malwarebytes spokesperson said the company has been enforcing against stalkerware since 2014. … Lookout, a mobile security app, said it’s also been tackling this as a serious security threat.
Surely it’s already illegal? Roland Moore-Colyer—“Looks like there’s a lot of creeps out there”:
It’s legal but is pretty damn unethical. Nevertheless, it seems to get used a heck of a lot.
…
Some people might consent to have stalkerware on their devices. … But it would seem like a lot of people end up with it … without their knowledge; again that’s legal but dodgy [as ****].
…
[And] by uploading data to a server operated by the stalkerware’s makers, the harvested information could be exposed to the developers. … That could mean there’s a heck of a lot more people with the peepers on data.
…
It gets worse … stalkerware asks for device security software to be turned off. … Stalkerware is bad news all round. And if you have someone using it on you it’s perhaps time to reconsider your relationship.
OK, stop. That’s more than enough men talking about an issue that affects women vastly more often. The EFF’s Rebecca Jeschke announces the “Threat Lab”:
EFF is proud to announce its newest investigative team: the Threat Lab [which] will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals. … Eva Galperin heads up the group, which also includes senior staff technologist Cooper Quintin and senior investigative researcher Dave Maass.
…
Some of the projects that will move under the Threat Lab umbrella include our research into state-sponsored malware … and our work fighting spouseware and stalkerware. … We all have a right to live our lives without the threat of illegal surveillance.
Eva who? @evacide—and don’t you forget it:
That time I got really mad and decided to kill an industry. … I’d be lying if I said I hadn’t started a meeting with “Now, everyone pick an industry you want to kill…”
…
For anyone who has ever asked me why I’m so angry, I’m here to tell you that anger gets **** done. … I’m anger and armor, all the way down.
…
One co-coworker once told another that I was smart, but “it’s a pity, how she presents herself.” That person is gone and I am the Director of Cybersecurity.
…
Change doesn’t happen in a vacuum. Shout out to the people who have been fighting spouseware and stalkerware all along: @harlo @lorenzofb @josephfcox @iblametom at al. … Donate to @EFF! Without our members, we are nothing.
Speaking of which, abutilon helps make the EFF into something:
Good work, Eva. I just joined the EFF. Cuz of you.
And RandomDude randomly renders respect:
I have nothing but respect for the people at EFF.
If I won the [lottery] I would immediately donate 10 million and make them a powerhouse. … What they do is essential to decency in the modern electronic world.
But is this software all bad? The bizarrely monikered sexconker is just sayin’:
It’s more frequently used by people who want to catch their spouse cheating on them before they file for divorce so they don’t get screwed (in court).
You can argue about whether … that’s right or not, but the “stalkers and abusers” line is mostly bull****. It’s people prepping for divorce and gathering evidence.
Hmmm. Anecdata, please? This Anonymous Coward tells us Sadly, I know someone that needs this:
Her ex-BF installed tracking **** on her iPhone when she was asleep. He unlocked the phone using the fingerprint sensor and we already found him tracking her in some software but *** knows what else he did.
…
Her phone also stopped doing cloud backups because he connected her phone to his computer and backed it up. Apparently when you do a local backup, cloud backups automatically stop until you tell it to go back to cloud backup.
And @AnalystSyndica1 offers theirs:
I once met a guy doing a startup that would detect physical phone taps. He had a large box of devices he had taken off of phone lines. All domestic spying by spouses.
That’s a thing.
And @Cyberoo2, too:
Having worked against stalkers who use spyware apps & software & also GPS trackers, it’s great to see attention being made to this. I have also suggested to Police departments in training officers to recognise such apps etc. when dealing with stalking victims.
And Finally:
Bicycle: My Nemesis (Eva Galperin)
[Audio is very quiet—it’s not a problem at your end]
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.
Fair-use image source: Eva Galperin
