Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked
pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customers' data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.
I guess some enterprising lawyer will also use it to troll for clients whose spouses have spied on them.
All your stuff is backed up... somewhere
“He’s not deformed, he’s just drunk!”
I needed a good laugh.
It's cute how you assume most people can learn from their mistakes by tracing decision to result to cause to unintended effect.
Finding an old article on mSpy:
"The mSpy technology aggregates the surveillance activity in a cloud-based, password-protected control panel, from which the user can send remote commands, including blocking access to certain programs, websites and apps, and can also restrict incoming calls or shut down and lock the phone. Now that the mSpy monitoring software can be pre-installed on HTC One, Nexus 5, Samsung Galaxy S4 and iPhone 5s smartphones, the user no longer has to worry about smartphone compatibility with the software or obtaining physical access to the target phone. Smartphones with pre-installed mSpy can be purchased via the company’s website. The mSpy software-plus-smartphone bundle includes a one-year subscription to the premium mSpy software, which is priced at $200. The technology can capture a range of mobile data, including voice calls, emails, SMS, keystrokes, use of Viber, WhatsApp, Skype, chats, location and more. In order to avoid legal repercussions relating to invasion of privacy, MTechnology stipulates in its conditions that mSpy services must not be used for unauthorized surveillance and that users are required to notify people who are being monitored."
Well, things like Viber, WhatsApp, Skype, etc., certainly we know they are NSA tapped. Skype was mentioned in the PRISM document; the later ones will be later additions to the PRISM program. Viber has long been suspect due to its founders' connections to the Israel spy agencies.
Location is intercepted in bulk by a lot of programs for advertising, and that location data is available to advertisers, so it's available to NSA.
Voice calls? We know they intercept 100% of calls in several countries as of 2012; that capability will have increased. Certainly in the US, or UK, it's simply a matter of tapping in a number and the calls are automatically recorded. General collect it all would have intercepted it all because there was nothing to stop him.
Emails? Intercepted.
So yeah, even without having access to mSpy's database (likely hacked or since they are UK based, GCHQ would have slapped a secret demand for data on them, the kind that made Vodafone and BT assist in spying on Brits).
There still needs to be a means to use the database. There also needs to be a means for automated software (i.e., that which is installed as a client on the compromised phone) to authenticate into the database. There's going to be a weakness somewhere even for an encrypted database, otherwise the database is useless. For all we know it was encrypted and it was compromised through a phone that had itself been compromised with the company's software.
If that's how it happened, or if analysis of a compromised device gave the people what they needed to break in, then I really can't be sympathetic.
...that the data stolen belonged to people whose privacy was already being grossly invaded, rather than to the fuckwits who thought it was a good idea to spy on their family members.
Can you imagine the number of lawsuits this is going to bring against the people who installed it?
It's a real simple marketing trick actually. Don't call it "spyware" or "wiretapping", call it "security" and "monitoring" and make sure to mention "for the children" and you're all good.
If a system like this was properly designed, the data would be encrypted against a key held by the customer, and the company would never have access to decrypted data. As it is, it appears that every person using the service was in effect providing the company with all the data from the phone in question. What the company did with it after this point is irrelevant, as the information is already compromised.
Based on the activities of the original owners, I wouldn't be surprised if someone got fired from the company, but didn't get their credentials revoked in time -- or they had already been making a backup of all the data. If one of the founders now owns a competitive product, this could be purely a method of taking out the competition.
Or, it could be just a case of bad/lapsed security.
Never mind - I found it myself. Short answer: either jailbreak the phone or give them your victim's iCloud credentials so they can trawl the backup files.
Dewey, what part of this looks like authorities should be involved?
Well, ok, so what is the onion address?
We can't really evaluate this stuff without the source.
Akbar - It's a trap!