"Xnspy Stalkerware Spied on Thousands of iPhones and Android Devices"

A monitoring app called Xnspy has stolen data from tens of thousands of iPhones and Android devices, and most owners are unaware that their data has been compromised. Xnspy is one of many stalkerware apps marketed as allowing a parent to monitor their child's activities but are used by many to spy on a spouse or domestic partner's devices without their permission. Stalkerware apps, also known as spouseware, are installed covertly by someone with physical access to a person's phone, bypassing on-device security protections, and are designed to remain hidden from home screens, making them difficult to detect. Once installed, these apps will silently and continuously upload the contents of a person's phone, including call history, text messages, photos, browsing history, and precise location data, giving the person who planted the app near-complete access to the victim's data. New research shows that many stalkerware apps have security flaws and expose data stolen from victims' phones. Security researchers Vangelis Stykas and Felipe Solferini spent months examining several known stalkerware apps and analyzing the edges of the networks to which the apps send data. Their study discovered common and easy-to-find security vulnerabilities in several stalkerware families, including Xnspy, such as credentials and private keys left in the code by the developers and broken or nonexistent encryption. In some cases, the flaws expose the victims' stolen data, which is now on the insecure servers of someone else. Stykas and Solferini discovered clues and artifacts that identified the individuals behind each operation during their research, but did not share details of the vulnerabilities with the stalkerware operators or publicly disclose details about the flaws for fear of benefiting malicious hackers and further harming victims. According to Stykas and Solferini, all of the flaws they discovered are simple to exploit and have most likely existed for years. This article continues to discuss the Xnspy monitoring app stealing data from iPhones and Android devices. 

TechCrunch reports "Xnspy Stalkerware Spied on Thousands of iPhones and Android Devices"

Submitted by Anonymous on