(ClevGuard claims it also supports iPhones by asking for iCloud credentials to access the contents of iCloud backups, which is against Apple’s policies.) The app has to be installed by a person with physical access to a victim’s phone, but the app does not require rooting or jailbreaking. The app, which has to be bought and downloaded from ClevGuard directly, can be installed in a couple of minutes.
Android image bucket android#
Using a burner Android device with the microphone sealed and the cameras covered, TechCrunch installed the app and used a network traffic analysis tool to understand what data was going in and out of the device - and was able to confirm crimew’s findings. It’s believed the bucket was inadvertently set to public, a common mistake made - often caused by human error - nor was it protected with a password. TechCrunch obtained a copy of the Android app from maia arson crimew, a developer who reverse-engineers apps to understand how they work.Ĭrimew found that the app was exfiltrating the contents of victims’ phones to an Alibaba cloud storage bucket - which was named to suggest that the bucket only stored data collected from Android devices. Its maker, ClevGuard, pitches the spyware app as a “stealthy” way to keep children safe, but also can be used to “catch a cheating spouse or monitor employees.”īut the security lapse offers a rare insight into how pervasive and intrusive these stalkerware apps can be.ĬlevGuard’s website, which makes the KidsGuard phone spyware (Image: TechCrunch) That’s prompted privacy groups and security firms to work together to help better identify stalkerware. Although many of these apps are marketed toward parents to monitor their child’s activities, many have repurposed the apps to spy on their spouses. These consumer-grade spyware apps - also known as “stalkerware” - have come under increased scrutiny in recent years for allowing and normalizing surveillance, often secretly and without obtaining permission from their victims. The app, KidsGuard, claims it can “access all the information” on a target device, including its real-time location, text messages, browser history, access to its photos, videos and app activities, and recordings of phone calls.īut a misconfigured server meant the app was also spilling out the secretly uploaded contents of victims’ devices to the internet.
A spyware app designed to “monitor everything” on a victim’s phone has been secretly installed on thousands of phones.
0 kommentar(er)
