Apps for Stalkers Disguised as Parental Control Tools

Sell something called “SuperParent” or even the actual FlexiSpy — and all is swell. Frankly, I’m not opposed to monitoring a child’s phone, kids shouldn’t have phones anyways.

But sell something called “iStalk” or “StalkU,” well … this won’t quite go over well with the authorities or the general community.

It’s all in a name (pardon the cliché).

Apps that track users contain Spyware. A wannabe stalker can secretly install such an app on their intended victim’s phone via any of the following:

  • Manual access to the phone
  • Link to a Twitter share
  • Share for LinkedIn or Whatsapp
  • Text a link posing as security update

Sending a “malicious” link works when its clicked. However the stalker will usually need to have access to the victim’s phone to install the tracking software. With the way people leave their phones lying around, this is fairly easy to do – to users who don’t have a password set up for their device or share their password with their “stalker”.

What can some “stalking apps” track?

  • Call logs
  • Contents of text and chat messages
  • Location of phone (and hence, victim if the phone is with them)
  • Listening in to ambient sounds picked up by the phones microphone
  • Listening in to phone calls
  • Access to voicemail

According to a 2014 study by the National Network to End Domestic Violence, 54% of domestic abusers use tracking software, for which its icon can be visibly concealed from the victim.

Though availability of tracking apps has become more limited over time, due to the revelations of how these have been abused, they are still available, such as mSpy, which can be easily downloaded to Android devices.

Downloading stalkware to iPhones is more challenging, but far from impossible. In fact, one technique doesn’t even require physical access to the target’s phone. And even then…this can be breached by a techy stalker.

How do app makers cover their butts?

They include language with their apps, such as citing that consent of the target is required before installation, or that the app company will cooperate with law enforcement should a complaint be reported.

Stalkware isn’t going away anytime soon. Thus, the emphasis needs to be on prevention.

How to Prevent Remote Stalking

  • Heavens, please don’t let your new boyfriend/girlfriend talk you out of having a password with some kind of nonsense like, “If you trusted me you wouldn’t need a password.”
  • Never share passwords.
  • Tell him or her – on the first date – that  your phone is off-limits to them. If they give you flack, it’s over. Only a control freak would mind this.
  • If they keep cool, this could be an act to gain your trust. Never leave your phone alone with that special someone.
  • Keep your phone turned off unless you’re using it.
  • Disable the GPS feature.
  • Never leave your phone unsupervised in the presence of other people, even your new boyfriend’s great-grandmother.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Scammers are Targeting Your Venmo and P2P Accounts

Do you use Venmo or other P2P accounts? If so, you definitely could be a target of scammers. Across the county, people are losing their cash, and it often happens so quickly that they don’t even know what’s happening.

You might think that you couldn’t be a victim, but scammers are often smarter and trickier, and they won’t hesitate to take advantage of you.

Here’s how they are doing it:

A stranger approaches you to use your phone. They have a sob story to make this scam more credible. You hand your phone over, they make it look like they are dialing, but instead, they are doing something else: swiping and searching your phone for “Venmo” and easily getting into your Venmo account and transferring money to themselves. People are losing thousands of dollars simply for being kind to a stranger.

Tips to Keep Yourself Safe

When using a P2P payment system, you should know that they all require access to your financial info. So, when you use them, make sure that your account settings are set in a way to ensure all of the security measures that you can set. In order to keep yourself safe from scams like this, there are some tips that can keep you safe.

  • Two step authentication. Access the menu, turn it on. This might include using PIN, a biometric log in, like a fingerprint.
  • Get the money out of your account. In most P2P apps, when you get a payment, the money is generally added to the balance held in the app. It doesn’t appear in your bank account until you transfer it or use it in another way. If you want to transfer money to your bank account, you should definitely make sure that the deposit went through. Just keep in mind that it could take a couple of days to transfer.
  • Pay only those you know well. Scammers know a lot of tricks, and they will find methods to trick you into paying them in ways you would never expect. So, if you are sending money from one of these apps or sites, make sure that you know the person you are sending money to. If you are using the app or site to get money from someone else, transfer the payment into your bank account and make sure it transfers before you send any goods.
  • Disconnect from Social Media: Finally, keep in mind that there are apps or sites might share your transaction information on social media. Check your social media settings because some of these settings might be set to share this info. Just make sure you are comfortable with what is going out on social media.

Should Stalking or Spying Apps be banned?

The words “spying” and “stalking” have negative connotations, but there’s a flipside to the coin: parents monitoring their kids’ online activities and physical locations. And how about middle-aged adults keeping track of the whereabouts of their aged parents with dementia?

7WIf you fear that apps for “spying” might get banned, here’s bad news: U.S. Senator Al Franken is pushing for this.

However, Franken’s proposed law will actually permit these constructive uses. His plan is to require companies to give permission to users before collecting location data or conducting any sharing of it. But suppose a real stalker poses as a concerned parent, how would the company know?

And when spying and stalking apps are used malevolently, should their makers bear responsibility? Is this like saying that the company that makes steak knives is responsible for the man who used one to stab his ex-friend?

However, maybe that all depends on whom the stalking and spying app company targets for customers. A now defunct maker of stalking apps targeted people who wanted to stalk their spouses, and its CEO was indicted last year and fined half a mil.

Another such maker, markets their product for good uses like keeping tabs on kids: a smarter move. Their site even calls their software “monitoring” rather than “stalking” or “spying.”

With that all said, it’s illegal to spy on someone with these apps without their permission. The line is very blurry, because it’s not illegal for a manager at the workplace to follow a subordinate and watch his every move, including what he’s doing on his computer during work hours.

Banning these kinds of apps will not go over well with the many parents who see them as a godsend for keeping a watchful eye on their kids, not to mention the many middle-agers who, without these apps, would fear that their elderly parents with dementia might wander off and get lost or in harm’s way.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Tech Tips and Disaster Prep Planning

A 93-year-old woman survived Hurricane Sandy, but not before her family went through hell wondering if she was alive, being that her landline was down and she had no cellphone. Lesson learned: Elderly people who live alone should have a cellphone. This technology is available; use it.

7WTexting

With today’s technology, it’s easier than ever to prepare and plan for disasters. Texting seems more functional than calls when lines are jammed say in a tornado-ravaged town (or the Marathon bombings) with no conventional phone lines, or working lines that are jammed.

Prepare by getting used to texting and making sure all family members are savvy with it. Stage mock disasters by texting from dark closets, traffic jams and outside “buried” in a snowdrift.

Keeping updated

Make a list or bookmark the websites for state and local governments, since they will have real-time updates on catastrophes (mud slides, tornadoes, wildfires, etc.). Google “emergency management” for your county or city to get started. Follow local police and other agencies on Twitter and Facebook. Example: the world and media followed the Boston Polices Twitter page all through the bombings all the way to the capture.

Emergency apps

Smartphone apps will also keep you updated such as those from the American Red Cross. There are apps for first aid, earthquakes, hurricanes, wildfires and more, even one for a shelter finder.

Non-tech Preparedness

Before a calamity hits, stock up on water, non-perishable food, first aid supplies, flashlights, other tools, etc. Consider a cloud storage system for things like insurance cards. Practice accessing it.

Keep cool, stay informed

Don’t panic. But at the same time, don’t lose sight of the gravity of a situation. People of all ages need to keep pace with evolving technology and use it to your advantage. .

Take advantage of today’s technology to prepare for disasters—even if it’s just to tell a loved-one, “I’m safe.”

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

New app stores house or car keys online. Is it safe?

Ever lock yourself out of your car or home? I’ve done each at least once this year; that’s about my average. After the last time I got stuck on the cold side of my front door, I decided to go with keyless locks for my home, specifically the Schlage Touchscreen deadbolt, and it has solved my problem. But then there’s still my vehicle to consider; while autos are now available with keyless door locks too, I haven’t graduated to that just yet.

Anyway, I was made aware in the comments of a post of an innovative startup called KeyMe, which is a smartphone app you use to take a photo/scan of the keys you want to have a virtual backup of. Once the backup is made, it’s stored online, and users can download instructions to provide to a locksmith who will be able to make a duplicate. KeyMe also offers kiosks, which are rolling out in certain cities as a test pilot. At the kiosk, you’d simply alert the kiosk via the app of the instructions to make you a new key. But one commenter was concerned of the safety and security of posting your keys online and then getting hacked.

So, is KeyMe safe?

Certainly, if your digital copies of home or auto keys ended up in the wrong hands, that would be an issue. Today, any site storing personal information has an obligation (and it’s in its best interest) to ensure a user’s security by encrypting the user’s data and adding multiple layers of protection in the form of hardware and software, as well as physical security at the server level.

So, at its face value, I’d say the data is safe. However, I’d recommend not posting any associated names or addresses with an account like this. Use an obscure username, and consider using an email not associated with your real name. And make sure your devices are password protected so if your device is lost or stolen, a criminal doesn’t have access to your house keys. Keep your devices’ antivirus up to date, and get a home security system because if all else fails, even keyed access will set off your alarm.

 And sign me up! I need this!

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.