Light Dark
July 19, 2021 By David Bisson 2 min read
News

Who stalks the stalkers? When it comes to Android security, stalkerware presents a double risk.

It’s common knowledge that mobile stalkerware undermines a target’s privacy. That’s kind of the point. A stalkerware incident often involves someone, such as a spouse, gaining physical access to someone’s smartphone and installing a monitoring app. They then use that software to remotely track what another person is doing on the device or spy on where they’re going.

What’s not so widely known is that stalkerware vendors don’t always code their apps correctly.

For instance, ESET found over 150 errors in 58 stalkerware Android apps. Those issues not only further compromised targets’ Android security and privacy, they also put the snoopers themselves at risk.

Read on to learn which weaknesses appeared most frequently in the apps surveyed.

Android Security Stalkerware Problems at a Glance

Out of the 158 issues ESET found, the most common type was insecure transmission of users’ personally identifiable information. This category accounted for 22 vulnerabilities, ranking higher than storing sensitive information on external media and exposing sensitive user information to unauthorized access, which account for 19 and 17 weaknesses, respectively.

The fourth most prevalent problem, at 17 weaknesses, was server leak of stalker information. ESET found that several stalkerware apps kept information about those using the app to track someone. It also stored a victim’s data on a server — even after the stalker requested that the service delete their information. That data might have included more information about the tracker in the event that they had an existing connection with the target.

Sometimes, victims’ information remained on a stalkerware service’s servers even after the snooper removed their account.

ESET reported the Android security and privacy issues to the stalkerware vendors as part of its 90-day responsible disclosure policy. As of reporting, only six responded by fixing the issues, while seven said that they were working on a fix. One vendor decided not to fix the reported issues; the rest didn’t respond.

The Growth of Stalkerware

ESET’s researchers also found that Android stalkerware detection increased by 48% between 2019 and 2020. This growth has continued into 2021. For example, Avast observed a 93% increase in the volume of spyware and stalkerware app detection over the first two months of the year. That’s compared to the same time period in 2020.

In response, some digital defense groups took action. For instance, the Coalition Against Stalkerware developed a standard definition of stalkerware, which encouraged research into the way it spreads. They also created TinyCheck for the purpose of detecting stalkerware apps, which can pose threats to Android security as well as to other brands of smart phones, in a more efficient manner.

How to Defend Against Stalkerware

The issues discussed above highlight the need for organizations to defend themselves against stalkerware. One of the ways they can do that is to educate their employees about what to look for. For example, smart phone users should delete unused apps and look for strange changes on their devices. In addition, never leave your devices unattended.

In the event organizations discover stalkerware installed on a connected device, they need to approach removal carefully. The best thing to do is to not notify the victim in a way that could be discovered on the compromised device. Instead, they should speak to the victim in person and proceed from there.

 |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from News
December 19, 2023

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

August 16, 2023

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature