Keep Devices And Wearables Close And Secure To Prevent Stalkerware

The Federal Trade Commission (FTC) recently proposed an order banning SpyFone and its CEO Scott Zuckerman from the surveillance business and ordered the organization to delete all stolen data.

The decision stemmed from allegations that the stalkerware app secretly collected and shared data and failed to implement basic cybersecurity measures in violation of the law.

A hidden device hack allowed the app to record people's physical movements, phone use, and online activity.

The company then sold real-time access to their secret surveillance, which allowed stalkers and domestic abusers to secretly track their victim, according to the FTC. Some of SpyFone's products allowed purchasers to see the device's live location and view user's emails and video chats.

Those who purchased the app received instructions on how to hide the app so that device owners did not know they were being monitored. Purchasers had to bypass many of the restrictions on Android devices to install the app. To use certain functions such as email monitoring, purchasers also had to "root" the phone, which further exposed the device to security threats and could invalidate the warrantee.

The FTC also alleged that SpyFone's lack of basic cybersecurity exposed the owners of devices being tracked to hackers, identity thieves, and other cyber threats. Despite claiming to take "reasonable precautions to safeguard" data, the app failed to encrypt stored personal information, including photos and text messages, or ensure that only authorized users could access personal data. It also transmitted purchasers' passwords in plain text.

After a hacker stole the personal data of around 2,200 individuals in Aug. 2018, SpyFone allegedly promised to work with an outside data security firm and law enforcement to investigate the incident. However, according to the FTC, it never did so.

The FTC voted 5-0 to issue a proposed administrative complaint and accept a consent order banning Support King, LLC, doing business as SpyFone.com, and Zuckerman from offering, promoting, selling, or advertising any surveillance app, service, or business.

The proposed settlement also ordered SpyFone to delete any obtained data from their stalkerware apps. SpyFone must notify device owners that the app has been secretly installed on their device, that they may have been monitored, and that the device may not be secure. 

The proposed order will be published in the Federal Register and subject to public comment for 30 days. The FTC will then decide on making the proposal final. "FTC Bans SpyFone and CEO from Surveillance Business and Orders Company to Delete All Secretly Stolen Data" www.ftc.gov (Sep. 01, 2021).

Commentary

Spyware, or stalkerware, refers to apps, software, and devices that let another person secretly monitor and record information about activity on your device, according to Techsafety.org.

Outside of phishing and other online deceptions, another method for people to monitor your online activity is by gaining access to your device and uploading an application like SpyFone.

For these reasons, it is important to keep your devices close to your person, especially your phone or wearables. Make certain you utilize a strong, unique access code for each device and never share your access code.

If you have reason to believe that your device is infected with spyware, a factory reset can likely remove the malicious app or software.

Finally, your opinion is important to us. Please complete the opinion survey: