Common Android stalkerware apps are affected by vulnerabilities that could compromise the privacy and security of the victims.

Mobile stalkerware, also known as spouseware, is used by a stalker to spy on a victim. The app can collect GPS location, spy on conversations, access browser history, images, and other sensitive data stored on the device. 

This type of software has become very popular in the last few years. These apps, which can easily be found online, are mostly advertised by their developers as a solution to protect children, but they offer spyware features that could also be abused by a third party.

According to ESET researchers, an analysis of 86 Android stalkerware apps uncovered over 150 security vulnerabilities in 58 of them, which further expose the victims to other privacy and security risks.

The researchers manually analyzed 86 stalkerware apps for the Android platform, provided by 86 different vendors. A person who installs and remotely monitors or controls stalkerware is defined as a stalker whereas a victim is a targeted person that a stalker spies on using the stalkerware. An attacker is a third party whom the stalker and the victim are not usually aware of. An attacker can perform actions such as exploiting security issues or privacy flaws in stalkerware or in its associated monitoring services.

The flaws could be exploited by an attacker to take control of the victim’s device, and could also be used to threaten the victim by uploading fabricated evidence.

The researchers disclosed the flaws to the development teams following their 90-day coordinated disclosure policy. As of now, only six vendors have addressed the flaws discovered by the researchers, only seven vendors plan to fix them, and in one case a vendor decided not to fix the reported issues.

The most common issues include the insecure transmission of victims’ PII and the storage of sensitive data on external media.

The researchers concluded that this research should be taken as a warning to future clients of stalkerware to reconsider using software against their spouses and loved ones, as it is not only unethical, but also might lead to revealing the private and intimate information of their spouses and leave them at risk of cyberattacks and fraud.

It is also risky for the stalker: because there could be a close relationship between stalker and victim, the stalker’s private information could also be exposed.


The post Android stalkerware, a danger for victims and stalkers first appeared on Cybersafe News.
