Spyware Company Leaves 'Terabytes' of Selfies, Text Messages, and Location Data (vice.com)

← Back to Stories (view on slashdot.org)

Spyware Company Leaves 'Terabytes' of Selfies, Text Messages, and Location Data (vice.com)

Posted by msmash on Thursday August 23, 2018 @02:40AM from the privacy-woes dept.

An anonymous reader writes: Spyfone, a company that sells surveillance software to parents and employers left 'terabytes of data' including photos, audio recordings, text messages and web history, exposed in a poorly-protected Amazon S3 bucket. News outlet Motherboard verified that the researcher could access anyone's data by creating a free account and installing the spyware on a test device. After a few hours, the researcher sent me back a picture I took.

58 comments

Min score:

Reason:

Sort:

I spy DEEZ NUTZ by Anonymous Coward · 2018-08-23 02:44 · Score: 0

and they bouncing on your chin
1. Re:I spy DEEZ NUTZ by Type44Q · 2018-08-23 06:51 · Score: 1
  
  That's "they be bouncing" - even Ebonics has rules.
Subsidiary of Google? by Anonymous Coward · 2018-08-23 02:46 · Score: 0

When I read the headline, Google was my first thought.
NSA was my second thought.
So, who owns Spyfone?
1. Re: Subsidiary of Google? by Anonymous Coward · 2018-08-23 02:48 · Score: 0
  
  When I read the title, I thought I read Apl. You have no choice but to give them your information, or seriously compromise your user experience. They also sell advertising
  So who owns a spy phone?
2. Re: Subsidiary of Google? by Anonymous Coward · 2018-08-23 03:05 · Score: 0
  
  I sounds like anyone can own it.
3. Re: Subsidiary of Google? by Anonymous Coward · 2018-08-23 04:01 · Score: 0
  
  Who on earth would trust a company called Spyfone?
4. Re: Subsidiary of Google? by Anonymous Coward · 2018-08-23 04:25 · Score: 0
  
  When I read the title, I thought I read Apl
  When I read your comment, I thought I read Apk. Your spyphone won't get past my hosts file.
Notification Disaster by Anonymous Coward · 2018-08-23 02:47 · Score: 1

So now are they going to have to notify their "Targets" of a breach who will learn they were being spied upon?
1. Re: Notification Disaster by Anonymous Coward · 2018-08-23 02:56 · Score: 0
  
  I don't think anyone that uses this doesn't know. When you get such a device from a company you need to sign multiple agreements usually...
2. Re: Notification Disaster by DontBeAMoran · 2018-08-23 03:01 · Score: 4, Insightful
  
  1. Parents have admin access to the smartphones.
  2. Parents installs Spyfone.
  3. Parents clicks "accept" on the wall of text they did not read.
  4. Parents give smartphone back to children.
  5. Prof... there is no step five.
  
  --
  #DeleteFacebook
3. Re: Notification Disaster by CastrTroy · 2018-08-23 03:03 · Score: 2
  
  Spyfone, a company that sells surveillance software to parents....
  Looks like it's not just corporations using it. Most kids could probably figure out that the software is installed, and I would hope that most parents would tell them that this is installed to stop them from doing stuff they would be caught with, but I'm sure there's children (and spouses) who have this kind of think installed on their phone without their knowledge and consent.
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
4. Re: Notification Disaster by Opportunist · 2018-08-23 03:10 · Score: 2
  
  I'd actually expect the majority of those installs to happen without the consent or even knowledge of those afflicted.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re: Notification Disaster by war4peace · 2018-08-23 03:20 · Score: 1
  
  I must admit I was tempted a few times. It's easy to give in to temptation, especially when your wife is relying on you to maintain her phone. But after thinking about it I decided against it for three reasons:
  1. I already had full control over her phone (since I bought it, configured it and maintain it 100%)
  2. I don't trust ANY third party company with that data
  3. I am getting a divorce anyway. What happens after we separate is none of my business.
  
  --
  ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
6. Re: Notification Disaster by Opportunist · 2018-08-23 03:37 · Score: 3
  
  How the hell can someone get the idea that it's ok to spy on someone they allegedly love?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
7. Re: Notification Disaster by DontBeAMoran · 2018-08-23 03:49 · Score: 2
  
  That's okay, he's getting a divorce!
  
  --
  #DeleteFacebook
8. Re: Notification Disaster by Anonymous Coward · 2018-08-23 03:50 · Score: 0
  
  Democrat partisans sure do love state-sponsored rape!
9. Re: Notification Disaster by war4peace · 2018-08-23 03:56 · Score: 3, Informative
  
  Jealousy. Need for control. Doubt. Scientific curiosity (not kidding). Reciprocal agreement.
  Enough reasons?
  
  --
  ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
10. Re: Notification Disaster by Anonymous Coward · 2018-08-23 04:01 · Score: 0
  
  Huh? It's _only_ OK to spy on someone that you love. If you love them, you care about them, and knowing that they're healthy and safe requires observation. Mothers spy on their children _all_the_time_, because they love them and care for them. If a mother were to spy on someone else's kid, that would be weird, because -- why should she care?
11. Re: Notification Disaster by nitehawk214 · 2018-08-23 04:06 · Score: 2
  
  How the hell can someone get the idea that it's ok to spy on someone they allegedly love?
  Thus the divorce. Looks like she should run fucking fast to restraining order land.
  
  --
  I'm a good cook. I'm a fantastic eater. - Steven Brust
12. Re: Notification Disaster by Anonymous Coward · 2018-08-23 04:22 · Score: 1
  
  No that doesn't make it ok.
  And supervising your child is in no way spying.
13. Re: Notification Disaster by Anonymous Coward · 2018-08-23 04:40 · Score: 0
  
  I'd actually expect the majority of those installs to happen without the consent or even knowledge of those afflicted.
  Which, arguably should fall under the Computer Fraud and Abuse Act, various wiretapping laws, and whatever else fits.
  And I would argue this also applies to the company who makes this shit, as they're clearly willing to provide tools to people to do illegal things.
14. Re: Notification Disaster by Anonymous Coward · 2018-08-23 04:41 · Score: 1
  
  How the hell can someone get the idea that it's ok to spy on someone they allegedly love?
  What does whether or not you love them have to do with whether or not they are cheating on you?
  Think about that, because that is in fact how it works.
15. Re: Notification Disaster by Anonymous Coward · 2018-08-23 05:05 · Score: 0
  
  And why would they think that someone worth spying on wouldn't have a secret phone?
16. Re: Notification Disaster by Opportunist · 2018-08-23 05:21 · Score: 3, Interesting
  
  As someone who had ZERO privacy as a child, I can tell you with some certainty that this is the perfect way if you wanted to ensure your kids would not trust you with anything, even if you were the last person on earth or the only one who they'd know could solve a problem.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
17. Re: Notification Disaster by dougmc · 2018-08-23 06:20 · Score: 1
  
  Most kids could probably figure out that the software is installed
  Depends on the kids, and how good the software is at hiding.
  I can provide a single data point: my kids. They spend hours and hours and hours on their phones and fewer (but still plenty) hours on computers, and yet they don't really have much of an understanding of how it all works -- they know how to use them well, but aren't really interested in going deeper.
  So as long as any "big brother" kind of software made any effort at all to remain hidden, they'd probably never notice. At least until there were a few incidents where we (their parents) found out about stuff that there's no way we could have found out about them except for bugging their phones -- if that happened a few times, they'd put two and two together.
  That said, I have little interest in babysitting them to that degree, but I think if I did ... they'd probably not notice, at least not at first. But eventually, they might figure out that something is going on if I didn't keep what was learned to myself.
18. Re: Notification Disaster by Anonymous Coward · 2018-08-23 13:06 · Score: 0
  
  Easy, they're mentally ill but functional and you need to have their back. Need another example or you good?
19. Re: Notification Disaster by Anonymous Coward · 2018-08-23 14:26 · Score: 0
  
  Simple. Any bipedal hominid on this planet cannot be trusted. Thus we spy on each other. To believe otherwise would require not experiencing the last 20 years. Are you new here? Welcome to Earth! I suggest leaving immediately, before our toxic, self-destructive behavior infects you.
20. Re: Notification Disaster by Gr8Apes · 2018-08-25 02:53 · Score: 1
  
  It's apparent you're not someone with a 8-15 year old in the house with a cellphone. It isn't so much spying as the wish to keep them out of certain areas of the web and to not do stupid shit with their "personal" take anywhere record anything web sharing enabled cameras. Keeping them somewhat restricted to phones in common areas only and lots and lots of discussion about what not to do is a good start. But at that age in today's world, keeping them away from slimy creeps is a whole lot harder than it used to be.
  
  --
  The cesspool just got a check and balance.
21. Re: Notification Disaster by Opportunist · 2018-08-25 08:50 · Score: 1
  
  You think spying on your child would allow you to avoid this? If anything could allow you to avoid this, it's your child actually trusting you. Which you certainly won't achieve by doing something that ultimately destroys that trust.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
22. Re: Notification Disaster by Gr8Apes · 2018-08-25 14:39 · Score: 1
  
  Your definition of spying could use some work, as could your reading comprehension. Take off your "I hate everyone that doesn't outright agree with me" glasses and reread what I wrote.
  
  --
  The cesspool just got a check and balance.
"researcher" by Anonymous Coward · 2018-08-23 02:49 · Score: 0

Please...don't pretend you are not hacking.
1. Re: "researcher" by Anonymous Coward · 2018-08-23 03:48 · Score: 0
  
  Go home, David Brock. You've had too much to drink.
USA sucks for privacy by rojash · 2018-08-23 02:53 · Score: 0

So much for all the stupid amendments; we need one to protect our privacy. The EU would have been all over these guy's asses and Freddie Mac for holding our info so loosely.
1. Re: USA sucks for privacy by Anonymous Coward · 2018-08-23 03:18 · Score: 0
  
  Plus Cloud Computing to the rescue again! Now you don't have to know crap about setting up Internet-connected infrastructure to do important things.
  Of course, this is proof AGAIN that if you don't know what you're doing stuff like this is practically guaranteed to happen.
  If actual competence was an actual requirement, I swear most startups wouldn't even exist. In that regard, cloud stuff does us all a disservice.
Obama Did It! by Anonymous Coward · 2018-08-23 02:56 · Score: 0

He just can't keep from spying on upstanding American heroes!
1. Re: Obama Did It! by Anonymous Coward · 2018-08-23 06:03 · Score: 0
  
  Who's the biggest lier in recent history? Jodi Arias, Casey Anthony, Vladimir Putin, oh and Donald Trump, he lies every day and foolishly believe him. Everyone that touches him have theirselves and their families destroyed and they lose everything. SO WHO DID IT!!!
2. Re: Obama Did It! by Anonymous Coward · 2018-08-23 06:10 · Score: 0
  
  Oh, and who degrades our true heroes, ex: John McCain, GOLD STAR families, Federal Judges and on and on.
  Donald J Trump.
3. Re: Obama Did It! by Anonymous Coward · 2018-08-23 07:29 · Score: 0
  
  I don't know but you're the best spellar
Complete Summary Title by Anonymous Coward · 2018-08-23 03:13 · Score: 0

I wish the summary title was a complete sentence. It sounds like they got up and left and forget their data.
1. Re:Complete Summary Title by The-Ixian · 2018-08-23 03:20 · Score: 1
  
  Also, what is with the single quotes around the word "Terabytes"?
  I imagine someone speaking that sentence and when they get to the word Terabytes, they make air quote gestures with their fingers.
  Is it actual terabytes of data or is that implied hyperbole?
  
  --
  My eyes reflect the stars and a smile lights up my face.
2. Re:Complete Summary Title by Anonymous Coward · 2018-08-23 03:36 · Score: 0
  
  In this scenario, it is likely that the phrase 'terabytes of data' is an unattributed quote.
3. Re:Complete Summary Title by Anonymous Coward · 2018-08-23 05:36 · Score: 0
  
  Also, what is with the single quotes around the word "Terabytes"?
  I imagine someone speaking that sentence and when they get to the word Terabytes, they make air quote gestures with their fingers.
  Is it actual terabytes of data or is that implied hyperbole?
  Maybe they're Tebibytes instead of Terabytes, but the reporter didn't want to look stupid printing Tebibytes because we all know it's a stupid word. So, 'Terabytes'
no comment by MJhasHIV · 2018-08-23 03:22 · Score: 1

other than WTF
Apply GPDR ! by Eric.pl · 2018-08-23 03:35 · Score: 0

1/ apply fines : "Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements"
2/ start reducing taxes
3/ fine even more stupid companies
4/ abolish taxes
Parents, I'd have one question to you by Opportunist · 2018-08-23 03:36 · Score: 5, Interesting

Why would you want someone who you don't know the least thing about spy on your kids? Because he shares his findings with you?
Do you also hire some seedy looking hobo as a babysitter?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1. Re:Parents, I'd have one question to you by cascadingstylesheet · 2018-08-23 03:57 · Score: 1
  
  Why would you want someone who you don't know the least thing about spy on your kids? Because he shares his findings with you?
  Do you also hire some seedy looking hobo as a babysitter?
  I don't. I just don't let my kids have smartphones.
  You approve ... right?
  Or is your real issue with parents doing anything protective in this regard?
2. Re: Parents, I'd have one question to you by Anonymous Coward · 2018-08-23 04:00 · Score: 0
  
  Depends on how much the hobo charges. Mr. Hutz will work for pocket change and popsicles.
3. Re:Parents, I'd have one question to you by Anonymous Coward · 2018-08-23 05:13 · Score: 0
  
  I don't. I just don't let my kids have smartphones.
  You approve ... right?
  I'm not the same person, but I'd argue that is a perfectly valid and preferred option.
  The big issue isn't a choice of spyware vs no spyware, but instead of trust vs no trust.
  And as the word "trust" is so overloaded these days, let me just say outright that I don't mean that in a negative or judgmental way.
  A very young child who is still being taught and learning how the world works *shouldn't* be trusted to behave in a way they haven't yet learned or are capable of understanding.
  That's just how kids are initially. We were all the same too.
  So yes, not giving a smartphone to a child that hasn't yet learned about the consequences from using it in a responsible way is pretty much the exact correct response.
  To put the trust issue into perspective, let's use a power tool analogy.
  Even as an adult of intelligence and wisdom, if no one has taught you how to properly and safely use a power tool, it would still be correct to say such a person should not be trusted to use one, yes?
  This stems from lack of specific knowledge, ignorance if you will, not of any negative or bad aspects about the person. If you haven't been taught something we can't possibly know it.
  It doesn't mean they are untrustworthy, or stupid, or anything like that.
  So what is the correct way to enable them to use said power tool? Well you teach them how!
  Also you don't let them even try until they are given such knowledge, aka the same as you not giving your kids a smartphone at a young age.
  More importantly, you don't install cameras and bubblewrap on the floor and set them loose on a tool they don't know how to do.
  Doing so isn't going to prevent an accident, all it will do is record the accident happening, but the consequences will still need faced.
  This will not be looked upon as "protection" to the person now missing fingers or an eye.
  The latter is all you can hope to get out of smartphone spyware.
  It can't stop a problem, it lets the problem go about happening and now you'd know, likely too late, that there is a problem.
4. Re:Parents, I'd have one question to you by Opportunist · 2018-08-23 05:23 · Score: 1
  
  Your kids will probably be seen as weirdos or at the very least have a hard time socializing in a teenage society that exists mostly via instagram and whatsapp, but that's a different concern. My business is security, not psychotherapy.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re: Parents, I'd have one question to you by Opportunist · 2018-08-23 05:24 · Score: 1
  
  He wanted fridge privileges last time, too, that's where I draw the line!
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
6. Re:Parents, I'd have one question to you by Opportunist · 2018-08-23 05:26 · Score: 1
  
  Even as an adult of intelligence and wisdom, if no one has taught you how to properly and safely use a power tool, it would still be correct to say such a person should not be trusted to use one, yes?
  Depends entirely on whether I may be there with a camera and get the international rights to the pictures.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Accidental? by Anonymous Coward · 2018-08-23 03:39 · Score: 0

How many times will this happen and still be called an accident? It does seem ironic that these parents spying on their kids sexting habits end up making all their communications public. There should be laws protecting privacy. Too bad the forefathers didn't think of it back then.
Staple gun ... testicles ... forehead ... by Anonymous Coward · 2018-08-23 03:42 · Score: 0

I figure anybody working for a company like this needs to have their reproductive organs stapled to their foreheads, be lit on fire, and rolled down a hill into a pool of alligators with frickin' lasers. Sorry to any ladies who work there, this might hurt a bit.
Oddly, the malware companies and the ad/analytics companies are no different in my view. Working for one of these companies means you've forfeited your right to privacy, because you seem to think we've forfeited ours.
1. Re: Staple gun ... testicles ... forehead ... by Anonymous Coward · 2018-08-23 04:27 · Score: 0
  
  Well these companies don't get your info unless you give it, so yeah you did forfeit privacy if you handed out your info...
Unencrypted, naturally. by OldMugwump · 2018-08-23 04:51 · Score: 1

[eom]

--
"Shoot, a fella could have a pretty good weekend in Vegas with all that stuff."
Re: Obama Did It! SWISH by Anonymous Coward · 2018-08-23 06:20 · Score: 0

and ... SWOOSH!