Stalkerware Apps Riddled with Security Bugs - silversurfer - 19 May 21
Quote:Android stalkerware apps – used to surreptitiously track people’s movements and digital activities – turn out to themselves be rife with security holes that put victims in even danger.
Stalkerware can track the GPS location of a victim’s device, record conversations, capture images and snoop on browser histories. And overall, according to ESET researcher Lukas Stefanko, the apps access, gather, store and transmit more information than any other app their victims have installed.
“During our research, we identified that some stalkerware keeps information about the stalkers using the app and gathered their victims’ data on a server, even after the stalkers requested the data’s deletion,” he explained in an analysis on Monday.
While the apps store and transmit all that data, they often unfortunately do so without proper data protection, according to ESET. In an investigation, the firm’s researchers found more than 150 security issues in 58 Android stalkerware apps.
“This analysis identified many serious security and privacy issues that could result in an attacker [separate from the stalker] taking control of a victim’s device, taking over a stalker’s account, intercepting the victim’s data, framing the victim by uploading fabricated evidence or achieving remote code execution on the victim’s smartphone,”
Read more: Stalkerware Apps Riddled with Security Bugs | Threatpost
|