Posts

Apps for Stalkers Disguised as Parental Control Tools

Sell something called “SuperParent” or even the actual FlexiSpy — and all is swell. Frankly, I’m not opposed to monitoring a child’s phone, kids shouldn’t have phones anyways.

But sell something called “iStalk” or “StalkU,” well … this won’t quite go over well with the authorities or the general community.

It’s all in a name (pardon the cliché).

Apps that track users contain Spyware. A wannabe stalker can secretly install such an app on their intended victim’s phone via any of the following:

  • Manual access to the phone
  • Link to a Twitter share
  • Share for LinkedIn or Whatsapp
  • Text a link posing as security update

Sending a “malicious” link works when its clicked. However the stalker will usually need to have access to the victim’s phone to install the tracking software. With the way people leave their phones lying around, this is fairly easy to do – to users who don’t have a password set up for their device or share their password with their “stalker”.

What can some “stalking apps” track?

  • Call logs
  • Contents of text and chat messages
  • Location of phone (and hence, victim if the phone is with them)
  • Listening in to ambient sounds picked up by the phones microphone
  • Listening in to phone calls
  • Access to voicemail

According to a 2014 study by the National Network to End Domestic Violence, 54% of domestic abusers use tracking software, for which its icon can be visibly concealed from the victim.

Though availability of tracking apps has become more limited over time, due to the revelations of how these have been abused, they are still available, such as mSpy, which can be easily downloaded to Android devices.

Downloading stalkware to iPhones is more challenging, but far from impossible. In fact, one technique doesn’t even require physical access to the target’s phone. And even then…this can be breached by a techy stalker.

How do app makers cover their butts?

They include language with their apps, such as citing that consent of the target is required before installation, or that the app company will cooperate with law enforcement should a complaint be reported.

Stalkware isn’t going away anytime soon. Thus, the emphasis needs to be on prevention.

How to Prevent Remote Stalking

  • Heavens, please don’t let your new boyfriend/girlfriend talk you out of having a password with some kind of nonsense like, “If you trusted me you wouldn’t need a password.”
  • Never share passwords.
  • Tell him or her – on the first date – that  your phone is off-limits to them. If they give you flack, it’s over. Only a control freak would mind this.
  • If they keep cool, this could be an act to gain your trust. Never leave your phone alone with that special someone.
  • Keep your phone turned off unless you’re using it.
  • Disable the GPS feature.
  • Never leave your phone unsupervised in the presence of other people, even your new boyfriend’s great-grandmother.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Should Stalking or Spying Apps be banned?

The words “spying” and “stalking” have negative connotations, but there’s a flipside to the coin: parents monitoring their kids’ online activities and physical locations. And how about middle-aged adults keeping track of the whereabouts of their aged parents with dementia?

7WIf you fear that apps for “spying” might get banned, here’s bad news: U.S. Senator Al Franken is pushing for this.

However, Franken’s proposed law will actually permit these constructive uses. His plan is to require companies to give permission to users before collecting location data or conducting any sharing of it. But suppose a real stalker poses as a concerned parent, how would the company know?

And when spying and stalking apps are used malevolently, should their makers bear responsibility? Is this like saying that the company that makes steak knives is responsible for the man who used one to stab his ex-friend?

However, maybe that all depends on whom the stalking and spying app company targets for customers. A now defunct maker of stalking apps targeted people who wanted to stalk their spouses, and its CEO was indicted last year and fined half a mil.

Another such maker, markets their product for good uses like keeping tabs on kids: a smarter move. Their site even calls their software “monitoring” rather than “stalking” or “spying.”

With that all said, it’s illegal to spy on someone with these apps without their permission. The line is very blurry, because it’s not illegal for a manager at the workplace to follow a subordinate and watch his every move, including what he’s doing on his computer during work hours.

Banning these kinds of apps will not go over well with the many parents who see them as a godsend for keeping a watchful eye on their kids, not to mention the many middle-agers who, without these apps, would fear that their elderly parents with dementia might wander off and get lost or in harm’s way.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Tech Tips and Disaster Prep Planning

A 93-year-old woman survived Hurricane Sandy, but not before her family went through hell wondering if she was alive, being that her landline was down and she had no cellphone. Lesson learned: Elderly people who live alone should have a cellphone. This technology is available; use it.

7WTexting

With today’s technology, it’s easier than ever to prepare and plan for disasters. Texting seems more functional than calls when lines are jammed say in a tornado-ravaged town (or the Marathon bombings) with no conventional phone lines, or working lines that are jammed.

Prepare by getting used to texting and making sure all family members are savvy with it. Stage mock disasters by texting from dark closets, traffic jams and outside “buried” in a snowdrift.

Keeping updated

Make a list or bookmark the websites for state and local governments, since they will have real-time updates on catastrophes (mud slides, tornadoes, wildfires, etc.). Google “emergency management” for your county or city to get started. Follow local police and other agencies on Twitter and Facebook. Example: the world and media followed the Boston Polices Twitter page all through the bombings all the way to the capture.

Emergency apps

Smartphone apps will also keep you updated such as those from the American Red Cross. There are apps for first aid, earthquakes, hurricanes, wildfires and more, even one for a shelter finder.

Non-tech Preparedness

Before a calamity hits, stock up on water, non-perishable food, first aid supplies, flashlights, other tools, etc. Consider a cloud storage system for things like insurance cards. Practice accessing it.

Keep cool, stay informed

Don’t panic. But at the same time, don’t lose sight of the gravity of a situation. People of all ages need to keep pace with evolving technology and use it to your advantage. .

Take advantage of today’s technology to prepare for disasters—even if it’s just to tell a loved-one, “I’m safe.”

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

How to Protect Your Privacy From “Leaky” Apps

Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions.

“An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.”

And since then, our level of engagement with mobile apps has only increased (with over 10 billion apps downloaded), while there has not been a lot of movement to prevent applications from accessing your data.

So what to do? Privacy concerns are justified, but there is a limit to what how this information can be utilized. If you feel the urge to free yourself from data tracking, you could delete and avoid apps, or you could provide false information, but that could violate terms of service and might not be effective, anyway.

When downloading an application, make an effort to consider what you are giving up and what you are getting in return, and to consciously decide whether that particular tradeoff is worthwhile.

You can also use mobile security software like McAfee Mobile Security that scans your installed apps to determine the level of access being granted to each of them. This feature then alerts you to apps that may be quietly siphoning data and enjoying unnecessarily extensive control of device’s functionality and then you can decide if you want to keep the app or delete it.

With better insight, you can take more your mobile security and privacy into your own hands.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)