The Apps Your Partner Could Be Using to Spy on You

Someone could be spying on you right now and you might not even know about it.

“These apps are brutal,” Ondrej Krehel told me during a conversation about spyware, or “spouseware” as the software is sometimes called.

“It doesn’t matter what ‘intended use’ these app developers claim in their sales pitches. They are increasingly being used by teens to spy on their love interests,” Krehel said. “It’s quite prevalent.”

Krehel is CEO and founder of LIFARS, a digital forensics and cybersecurity intelligence firm. He sees spyware as a concern for consumers.

“The malware that is used to spy on terrorists and other criminals is not too different from the spyware currently marketed to consumers — although it has fewer features,” Krehel said.

What ‘Spouseware’ Can Do

FlexiSpy, mSpy and Mobile Spy are some of the names in the consumer spyware app business. The applications make it possible to monitor virtually every communication made on a targeted smartphone or computer.

The various spyware, or spouseware, apps available on the market can let users see absolutely everything that happens on a device. It’s like a surveillance camera pointed at the user’s screen.

Here’s an at-a-glance list of what kind of information would-be spies can see:

  • All social media
  • Snapchat
  • Encrypted messaging apps like WhatsApp
  • Dating Apps
  • Text messages
  • Calls
  • Real-time GPS location

At $29.99 a month, pretty much anyone can be a spy. MSpy alone has more than a million users.

The stories of stalkers, jilted lovers and overzealous admirers are legion. In 2014, NPR reported that 85% of 72 domestic violence shelters they surveyed said they were working with victims whose abusers tracked them with GPS. Seventy-five percent said they had worked with victims whose abusers used hidden mobile apps to eavesdrop on them remotely.

While there is sadly no shortage of stories out there, most are told under the cloak of aliases. Although largely anecdotal, Krehel told me the misuse of spyware among teens was without doubt a growing problem.

“I would say 30% of the spyware users out there are young guys spying on their girlfriends,” he said.

The end user agreements are clear. These apps are to be used for legal purposes only. The marketing is not pointed at monitoring fidelity, but rather what a child is getting up to or as an enterprise tool for managing employees.

The app developers make it clear that any monitoring made possible with spyware should be done with the consent and knowledge of the party whose device is being tracked.

MSpy’s user agreement says: “User acknowledges that the Software shall be used for the purpose of monitoring, tracking and obtaining access to certain devices as cell phone and computer (including, but not limited to, email and text messages) of children and employees and other device owners with their consent hereto, including through the use of devices, on which the Software is installed.”

It is illegal to spy on someone without their consent. The problem here is that while it’s illegal, the penalties are not very serious. Krehel stated that while a person might get 30-day jail sentence or pay a fine, the damage inflicted is sometimes life-changing with victims and the people in touch with them suddenly finding themselves in divorce proceedings, losing jobs or even committing suicide.

What to Do

As with all things security-related, it is good practice to assume that the unimaginable — or in this case the prevalent — can happen to you, too. It’s also wise to take the necessary measures to prevent it.

  • While it is possible to install spyware remotely on some Apple products, most often physical possession of a device is required. Never surrender your device to anyone, or leave it unattended.
  • Don’t assume your passwords are unknown to those closest to you. (Check out these tips for better internet safety.)
  • Never share your cloud credentials, since this makes it possible to install some types of spyware.
  • Protect your passwords and change them often. Or use biometric authentication.
  • Don’t assume that just because you don’t see a spyware app on your device that it isn’t there. Check for installed apps and software (this may require programs that review apps and software), and become acquainted with the software and apps out there.
  • If you suspect you’ve got spyware on a device, save what needs to be saved on an external drive and wipe the device, restoring the factory default settings. But bear in mind that there are some snooping techniques (the NSA place their exploits directly on a chip in the device hardware) where a factory reset won’t help you.
  • To further guard against fraud and identity theft, monitor your credit for any suspicious changes. You can get a free credit report snapshot on Credit.com.

It’s rough out there for people concerned about their privacy, but being alert goes a long way.

Image: shapecharge

The post The Apps Your Partner Could Be Using to Spy on You appeared first on Credit.com.

Is Your Gym Exposing More Than Your Abs?

The gym is a great place to burn off steam — and to get scammed.

When Apple announced a serious hardware flaw last week, and the critical security patch that addressed it, my first thought was perhaps arbitrary: “That exploit would work at the gym.” My next thought: what else would?

The discovery of a zero-day exploit affecting hardware—specifically a WiFi chip embedded in the main processors of Apple devices—was serious news. The vulnerability makes it possible for a hacker within range to “execute arbitrary code on the Wi-Fi chip.” A similar vulnerability was announced and patched on the Android platform earlier in the month.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

The gym is often seen as a safe space to burn off steam, clear your head and boost your heart rate but it can also be dangerous. The gym stores a lot of personal information and is filled with strangers in close proximity to one another. Because of this, it’s important to think about more than building physical strength — building cyber strength is crucial to making yourself a harder target to hit.

Here are a few things to make your next trip to the gym as scam-proof as possible.

How Is Your Personal Information Stored?

Your gym can require and request a ton of personal information: your Social Security number, driver’s license number, credit and banking information, your home address, and in some cases your medical or health information. When in the hands of the wrong person, this information can lead to identity theft and major breach of privacy.

Your job is to reduce your attackable surface and watch out for scams.

The first question you should ask is how your information is stored, and who has access to it. Don’t accept a vague answer unless it is the correct answer. “I’m not sure,” might indicate an ill-informed point of contact at the front desk or, worse, a total lack of data security. Don’t be surprised if everyone who punches the clock at your gym has access to your information.

Because of this, it’s important to think about what kind of information your gym has and why they need it. Try to limit what information they get, even if it is “required.” While the gym needs to identify you, they don’t need much data to do that. It’s your job to give them the bare minimum they need.

Juice Jacking

Be wary of charging your devices at the gym. Simply plugging your phone into the wall can make you vulnerable to juice jacking, a cyberattack where a charging port does double duty as a data connection that either steals user data or downloads malware to steal it at a later time.

Though it seems unlikely, if your gym’s owner isn’t up to date with scams, the gym may unwittingly allow a hacker to install a data-stealing kiosk for members to use.

Always pay attention to phone pop-ups. Both Apple and Android now have stopgaps to avoid juice jacking exploits, but the warning screen can be distractedly tapped away and ignored, thus opening the door to an intruder.
If you want to reduce the risks while charging your devices at the gym, look into USB cords without data transporting cables. You can also make juice jacking impossible by using the AC adapter your device came with or a back-up battery device.

Public Wi-Fi

Here’s another way your devices can leave you vulnerable to attack. Signing on to your gym’s public Wi-Fi can be risky — such is the case whenever you log on to a public Wi-Fi network. Another thing to remember: Hackers may not always ask for the gym owner’s permission to set up the Wi-Fi network that’s labeled with the gym’s name.

In addition to the fake Wi-Fi set up, there’s the threat of a man-in-the-middle attack. This attack can secretly alter the communication between two parties and even lead to eavesdropping by an unknown third party.

If you are going to log on to the Wi-Fi at your gym, always look for HTTPS in the address and the green lock near the URL of the sites you visit and think long and hard before visiting destinations like banks, credit cards and the like that require or provide access to sensitive information.

Remember, if you ever have any suspicion your information has been compromised, always contact your credit card providers ASAP. It’s also helpful to check your credit for any sudden changes (You can get a free credit report snapshot at Credit.com) While knowing the latest threats out there, and utilizing security updates the moment they are issued is great and absolutely necessary, it’s important to bear in mind that there is no anti-fraud silver bullet. Gyms are neither better nor worse than anywhere else when it comes to data security practices, but they are definitely places where you can be harmed.

If you assume your information is vulnerable, at the gym or anywhere else, and you take the effort to limit your data exposure and minimize your attackable surface, you have the best shot at staying in good shape. If you do find a security problem at your gym, maybe it’s time to demand solutions. At the very least, if you see something, say something. And if you’re really worried, find a new gym that practices better cyber and data hygiene.

Image: BraunS

The post Is Your Gym Exposing More Than Your Abs? appeared first on Credit.com.