back to article After blitzing FlexiSpy, hackers declare war on all stalkerware makers: 'We're coming for you'

A Brit biz selling surveillance tools that can be installed on phones to spy on spouses, kids, mates or employees has been comprehensively pwned by hackers – who promise similar stalkerware peddlers are next. The miscreants, supposedly Brazilian and dubbing themselves the Decepticons, have explained how they, allegedly, easily …

  1. Jan 0 Silver badge

    Ethical Cracking,

    why wouldn't you?

  2. Doctor Syntax Silver badge

    Has el Reg reached out or even just plain contacted the ICO for a comment? It should be doubly interesting to them: once because of what these guys are up to and once because of the presumably unreported breach.

    1. Tom Paine

      ICO enforcement action? Or police?

      Good point. It'd be hard (well, impossible) for the ICO to go after them if they're not actively trading in the UK, but if that customer list were to leak, I'd hope the police would be verrrrry interested in a list of UK customers. Data Protection Act would be the least of their troubles, the Computer Misuse Act would be my preferred tool. Fines aren't going to be enough to wake people up to the fairly obvious fact that cyber-stalking is flat-out illegal.

      PS I wonder if this was the tool Rob Titchener installed on Helen's phone? # TiNC

      1. Doctor Syntax Silver badge

        Re: ICO enforcement action? Or police?

        "It'd be hard (well, impossible) for the ICO to go after them if they're not actively trading in the UK"

        The first three words of TFA: "A Brit biz"

  3. larokus

    General rule of thumb

    If you're that suspiscious your spouse is cheating, you're probably right. Skip the creepware.

    1. Ole Juul

      Re: General rule of thumb

      If you're that suspicious, you're doing it wrong.

  4. Chairo

    SAAS

    Smartphone as a service. Just to make sure your better half stays in the fold, so to say. Come on, who could be opposed to a little bit of telemetry?

  5. doug_bostrom

    "...yet no warning of any security breach has been sent out by either developer..."

    Fully in character.

  6. Anonymous Coward
    Anonymous Coward

    How would something like this work on iOS?

    You'd have to leave it running in the background, and say yes when it asks for permissions to all that stuff. That's fine if you steal your spouse's phone to install it, but if they restart it you'd have to snag it again, and you'd have to hope they never do the double home button press and notice this strange app is running...

    1. Anonymous Coward
      Anonymous Coward

      Re: How would something like this work on iOS?

      Beat me to it, but I'd also like to know how "once quietly slipped onto a victim's mobe" works.

  7. Mage Silver badge

    Legaliity

    In many countries installing anything on any device of a 3rd party without permission is a crime.

    It's also illegal to track location without permission or warrant. (They were thinking of GPS or other bugs on a vehicle).

    So not just the people installing the wares Stalking companies, but Google, Microsoft, Facebook, etc may be breaking national laws in many countries. It's illegal for an employer too, without saying, even if the employer's phone, tablet, laptop etc, in many countries.

    1. phuzz Silver badge

      Re: Legaliity

      Yes, but in many countries a husband can get away with doing pretty much anything to his wife short of actual murder, simply because they're married. I'd expect excuses one the level of "well my wages paid for that phone".

    2. Tom Paine

      Re: Legaliity

      It's illegal for an employer too, without saying, even if the employer's phone, tablet, laptop etc, in many countries.

      So what you're saying is that networked computers, user account management,.. hell, even HR are just plain illegal, because they know where you are? And don't get me started on aircrew... why, employers have special high-powered radio frequency devices that reveal their exact location every half second! Something must be done about this shocking state of affairs...

      (And that's why you don't get legal advice from commentards)

  8. Potemkine Silver badge

    Legality vs Legitimaticy

    What did these hackers is clearly illegal, but is it illegitimate?

    1. adnim

      Re: Legality vs Legitimaticy

      Just because it is legal doesn't make it right, just because it is illegal doesn't make it wrong.

      Laws like gods are created by those with the physical power to enforce the rules in order to keep the weak under control.

      The story made me smile and gave me a warm glow inside.

      1. Tom Paine

        Re: Legality vs Legitimaticy

        Just because it is legal doesn't make it right, just because it is illegal doesn't make it wrong.

        How very true that is; everyone is free to make up their own morality and decide for themselves which laws they'll observe or ignore. That's why I'm doing so well mugging grannies for a living.

        (much as I like to rant about arts grads infesting the news media, I _do_ wish there were mandatory basics in humanities and arts for STEM types. A little light philosphy could save so many electrons... )

  9. John Smith 19 Gold badge
    Unhappy

    It's interesting. The hackers are illegal. The business is legally legal

    Or at worst a Grey area.

    But they make just-about-legal stalkerware (if they weren't a spouse, and who checks if the purchaser is or isn't they'd, definitely be a stalker).

    Like anyone who's business involves either finding out (or protecting others from finding out) people's business they should expect to be hit and hit hard on a regular basis.

    If you want to play in the more abrasive parts of the IT business you'd better be prepared to take a beating on security. It's not going to be "if" it's going to "when" and "how often."

    1. Anonymous Coward
      Anonymous Coward

      Re: It's interesting. The hackers are illegal. The business is legally legal

      Good point. Making the software is in principle legal (well, sort of, there may be language in the agreements for Apple Xcode that voids the permission for use if you cook up stuff like this), a bit like how selling spy electronics is not illegal in quite a few countries - the illegal part is using it without the victim's knowledge, so the criminal aspect is performed by the buyers.

      However, creating this sort of stuff (especially with the choice of audience) places you on the wrong side of an ethical line, evidently in the firing line of what appear to be "ethical" hackers. That doesn't make the latter activities legal, but I can sympathise, and there is IMHO some validity to a "benefit to society" claim if that would make it to court.

  10. Anonymous Coward
    Anonymous Coward

    Hackable since at least 2008

    http://www.informit.com/articles/article.aspx?p=1185592

    Security has been an issue for them for a while.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021