How hackers can break into child monitoring apps to access your Facebook messages, texts, and phone call data
- A researcher uncovered a loophole in two so-called ‘stalkerware’ apps
- The tools allow anxious parents track their children’s online activity
- But the bug gave hackers access to the data of thousands of users
1
View
comments
Creepy apps designed to help anxious parents track their children’s online activity exposed the private messages of thousands of people.
A loophole in two of the so-called ‘stalkerware’ apps handed cyber criminals access to people’s Facebook messages, texts, and phone call data and GPS coordinates.
Around 28,000 users – many of whom were children – were left exposed by the bug, according to an investigation from Motherboard.
Stalkerware apps are technically legal, but have stirred controversy in the past when people have employed them for illicit spying.
Paranoid spouses have illegally used the software to snoop on spouses, while bosses use them to track the activity of workers.
Scroll down for video
Pictured is the admin dashboard of the ‘stalkware’ app Xnore. The app allows people to track the GPS coordinates, text and phone data of a monitored device. A new investigation has revealed a loophole in the app exposed the details of thousands of users
WHAT IS ‘STALKERWARE?
Stalkerware is software that allows you to spy on someone’s phone or tablet.
They are often advertised to parents who wish to track the online activity of their child, or bosses looking to snoop on their employees.
Typically, stalkware allows you to remotely intercept messages, photos, browsing history, GPS coordinates and even phone call data.
They work by pairing an online account to an app that is installed on the device you wish to spy on.
Users can then remotely access the phone’s data without the owner knowing they are under surveillance.
Stalkerware apps are technically legal, but have stirred controversy in the past when people have employed them for illicit spying.
One such application, called Xnore, can intercept messages, photos, browsing history and even GPS coordinates.
It can also secretly record phone calls.
Users typically pair the app to a monitored phone or tablet, allowing a parent to track the messages and movements of their child.
But an investigation revealed that the site allowed hackers to spy on the data of any monitored device registered with the site.
A loophole in the system allowed cyber criminals to open the HTML code of the site to see a ‘mobile identifier’ used by Xnore to view and collect data.
This meant they could secretly monitor the messages, recorded phone calls and locations of thousands of users, many of whom are children.
After Motherboard contacted the Xnore, the company removed the function from its website and added an ‘additional level of authentication when adding devices’.
-
Russian hackers publish private messages from 81,000… Modern-day Noah’s Ark: Complete DNA codes of all 1.5 MILLION… China now has SEMINARS to teach other countries how to… Nasa announces supersonic tests for its ‘son of Concorde’…
Share this article
Pictured is Xnore’s website. A loophole in the app handed cyber criminals access to people’s Facebook messages, texts, and phone call data
The news outlet received a tip-off about the loophole from a hacker known only as L&M.
They said: ‘Such companies care only about how to spy, and the confidentiality of the victims’ data and their safety does not interest them.’
L&M spotted a flaw in a second app known as Copy9, which offers a similar service to Xnore.
Stalkerware apps are technically legal, but have stirred controversy in the past when people have employed them for illicit spying (stock image)
The researcher said they accessed the usernames and passwords of around 12,000 users.
They claimed to have had access to the data of all the surveillance targets of those users, including text messages, photos, WhatsApp chats and call recordings.
Copy9 failed to respond to a request for comment on the security breach.
Source: Read Full Article