Spy Apps Expose Millions of People's Data

Spy apps Cocospy and Spyic have a big problem. A security flaw in these apps is leaking personal data from millions of phones and tablets. This data includes messages, photos, and call logs. The flaw also exposes the email addresses of people who signed up to use these apps to spy on others. The apps are designed to stay hidden on a victim's device, secretly sending data to a dashboard that the person who installed the app can see. Most people don't know their devices have been compromised because these apps are so sneaky. The operators of Cocospy and Spyic haven't fixed the bug yet. The flaw is easy to exploit, so details about it aren't being shared publicly to avoid making the problem worse. A security researcher found the bug and collected millions of email addresses from the apps' servers. These email addresses were then added to a data breach notification service called Have I Been Pwned. The service marks this data as sensitive, so only the affected person can check if their information is included. Cocospy and Spyic are part of a long list of surveillance products that have had security issues. These apps are often sold as parental control or employee-monitoring tools, but they are also used for illegal spying on partners or spouses. Stalkerware apps like these are banned from app stores, so they are usually downloaded directly from the provider's website. They often require physical access to the victim's device and knowledge of the device's passcode. For iPhones and iPads, these apps can access data stored in Apple's iCloud service if the attacker has the victim's Apple account credentials. Not much is known about the people behind Cocospy and Spyic. They try to avoid public attention because of the legal and reputational risks involved. Both apps were launched in 2018 and 2019, and Cocospy is one of the largest-known stalkerware operations today.

Researchers have found evidence linking these apps to a China-based mobile app developer. The apps were tested on a virtual device, and it was found that they send data through Cloudflare, a network security provider. The data is then uploaded to a cloud storage server hosted on Amazon Web Services. The apps occasionally respond with messages in Chinese, suggesting a connection to China. Neither Amazon nor Cloudflare responded to inquiries about these stalkerware operations. The email addresses collected from Cocospy and Spyic can help users determine if their information was compromised, but there isn't enough identifiable information to notify individuals directly. To check if your phone is compromised, you can enter a special code on your Android phone's keypad to make the stalkerware apps appear. You can also check your installed apps through the apps menu in the Android Settings menu. There are general guides available to help identify and remove common types of phone stalkerware. It's important to have a safety plan in place before removing the spyware, as it may alert the person who installed it. For Android users, enabling Google Play Protect can help protect against malicious apps, including stalkerware. iPhone and iPad users should ensure their Apple account uses a strong, unique password and has two-factor authentication enabled. They should also check for any unrecognized devices on their account. If you or someone you know needs help, there are resources available. The National Domestic Violence Hotline provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware also has resources if you think your phone has been compromised by spyware.

Actions