There’s been a rise in stalkerware. And the tech abuse problem goes beyond smartphones

By Charlie Osborne for Zero Day | August 5, 2021 — 10:27 GMT (11:27 BST) | Topic: Security

BLACK HAT USA: We need to be wary of mobile devices and IoT products, now widely abused to facilitate partner coercion, researchers have warned. 

At the Black Hat cybersecurity conference in Las Vegas this week, Lodrina Cherne, Principal Security Advocate at Cybereason, and Martijn Grooten, consultant and coordinator at the Coalition Against Stalkerware, said that the COVID-19 pandemic has prompted a surge in the use of stalkerware in intimate partner violence (IPV) and gender-based violence.

The Coalition Against Stalkerware defines stalkerware as software, made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without consent and without “explicit, persistent notification to that user in a manner that may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.”

Mobile applications and PC monitoring software come straight to mind. Unlike spyware, which may be used for indiscriminate monitoring or by government agencies and in law enforcement investigations, stalkerware is generally used by individuals.

Such software can be used to remotely monitor and eavesdrop on phone calls, SMS messaging, Voice over IP (VoIP) applications, GPS/location data, messaging and social media apps, and to steal images and video from an infected device. 

Stalkerware is often installed through physical access to a handset. Malicious SMS messages or phishing emails may also be the infection vector, although remote installation of stalkerware is rare, Cherne noted.

“They are not hidden from a forensic practitioner,” Cherne commented. “But they are hidden from the user.”

According to the duo, stalkerware is most common on Android mobile devices, whereas on iOS this form of malware is most often detected on jailbroken, unpatched, or older handsets. Desktop PC stalkerware also exists, although it is not as prolific.

While survivors may be “hyper-vigilant,” as they have had to be to endure IPV, their suspicion or belief that they are being spied upon through stalkerware should not be dismissed.

“Survivors should always be taken seriously to empower them,” Grooten said. “Don’t make decisions on their behalf and try to be supportive [..] understand that this is an abuse problem, not a technical problem.” 

Founded in 2019, the Coalition Against Stalkerware is a group of non-profit organizations, security advocates, and cybersecurity companies working together to fight stalkerware and other forms of technological abuse in domestic violence and coercive relationships. 

Participants include F-Secure, the Electronic Frontier Foundation (EFF), Kaspersky, Malwarebytes, National Network to End Domestic Violence (NNEDV), and others. Interpol also supports the scheme. 

“In recent years, the problem of stalkerware has been on the rise globally,” the coalition says. “Non-profit organizations report a growing number of survivors are seeking help with stalkerware, and cybersecurity companies are detecting a consistent increase in these harmful apps.”

For further information and advice, check out the coalition’s guide video below, or check out our in-depth guide here:

Previous and related coverage

Android stalkerware detection rates surged over 2020
The ultimate guide to finding and killing spyware and stalkerware on your smartphone
Google bans stalkerware ads
