Stalkerware: The invisible menace to victims of home violence

Chris DeGraw / Digital Trends

Note: This story contains descriptions of digital abuse and evidence of domestic violence.

At the beginning of their marriage, Samantha noticed that her husband would disappear into the bathroom for a long time. If he came out, he would be angry with her.

"I later found that he was reading my text messages," Samantha told Digital Trends. "You were transferred to his phone."

According to Samantha, his behavior escalated. In addition to violent behavior, he tried to hack her relatives' bank accounts. She left him in 2015, but the abuse didn't stop. He registered a car under her name and seemed to know when and where she made a purchase or went outside.

"I lived four states away from him and somehow he would show up if I left," Samantha told Digital Trends. She refused to give her last name because her husband is still trying to monitor her digital life.

Telephone stalkerSpeedKingz / Shutterstock

"It would be crazy and paranoid to think someone is chasing you like this. People don't think that things like that are possible. You question your sanity. Since the perpetrator was no longer able to physically control or punish me, this was his way of causing pain, ”she added.

It was only two years ago, after Samantha was constantly terrorized, that she discovered the full extent of her perpetrator's surveillance thanks to the help of domestic violence specialists and technology laboratories who had scanned her phone. She believes he has hacked at least five of her devices with stalkerware in the course of their relationship.

"Stalkerware" is a collective term for apps that secretly monitor a victim's communication, location, photos, password keys and more.

Has domestic abuse increased dramatically since COVID-19 forced couples to be blocked. However, according to cybersecurity company Kaspersky, the use of stalkerware has decreased during the pandemic.

"At the moment victims and perpetrators are always together," said the head of the research and development team at Kaspersky Lab Victor Chebyshev. "There is no need to monitor activities when they are in the same place."

Chebyshev fully expects the use of stalkerware to increase again as soon as people no longer seek protection on the spot.

"It makes no difference whether there is a quarantine, social detachment or another crisis situation, as we are constantly on guard without a moment's pause," he said.

However, the cyber security company Avast has one increase use of the stalkerware during the blocking. The discrepancy can show how little understanding we have of these numbers.

"It remains to be seen what the number of stalkerware detected will be at the end of the year as this will give us a clearer picture," he said Chebyshev.

The disturbing story of stalkerware

Westend61 / Getty Images

Stalkerware has been around for more than a decade, although until recently it has historically come under the “spyware” umbrella. The use of these apps as a tactic for domestic abuse is still a relatively new topic among technology companies and legislators, but not due to a lack of distribution.

According to Kaspersky, the use of stalkerware has increased worldwide in the past two years found In 2019, 35 percent more people worldwide came across the apps than in 2018. These numbers are likely to be low because they are based on reports from users who have managed to scan and localize the stalkerware on their devices.

February survey Harris and NortonLifeLock found that 10 percent of Americans used an app to monitor calls from their ex or current partner's calls, messages, emails, and photos without the partner's knowledge or permission.

"We believe we have seen a huge surge for two reasons," he said Chebyshev. "First, because we improved our detection, and second, because developers who create stalkerware started to fight our detection."

"It was also pretty shocking to see how bad the problem is."

Last year, competing security companies such as Norton Lifelock, Kaspersky, Malwarebytes and others joined forces to fight the surge in US stalkerware Coalition against stalkerware.

"It was also pretty shocking to see how bad the problem is," said Chebyshev, “(COVID-19) provides some time to focus on activities that we are undertaking with the coalition against stalkerware to raise awareness of the problem. … However, we believe that the struggle to protect all users from stalkerware will unfortunately continue for a while. "

Detected Spaware Apps diagramAvast

In the meantime, non-profit and domestic violence organizations are trying to help survivors tackle the invisible problem while in detention. In a breakthrough program in New York, Cornell Tech Abuse Terminating Tech Abuse partnered with the NYC Family Justice Centers as part of the New York Mayor's Office for Ending Domestic and Gender Violence (ENDGBV) to scan and survivor's phones to delete. Service is remote during COVID-19, and tech specialists make appointments in certain areas.

"A lot of gas is ignited during this abuse," said Jenise Jenkins, manager of the NYC Family Justice Centers. "An abuser says," You don't know what you're talking about. "It is a great advantage for our customers to know and be sure that they have not invented it. They will hear confirmation from a professional. Once they know that it is just an app, they can do something about it . "

Cornell Tech has developed an open source antivirus technology called ISDi, Which Survivors do not have to be installed, which avoids the discovery of the perpetrator. While overall stalkerware declined during COVID, Cornell Tech anecdotally reports the same number of survivors affected.

"I thought there would be a levy, but we're busier than ever," said Diana Freed, a doctoral student. Researcher at Cornell Tech.

Stalkerware recovery

Security engineer worker doing his job

One size doesn't fit everyone when it comes to action plans for survivors. Samantha currently lives in a private address. One of her devices is still being hacked – her culprit doesn't know she knows he has access to it. It only gives him harmless information. This way she can control him and not the other way around. She is seeking divorce but has not gone to the police.

"It is very difficult to prove, especially if there is a spouse and you have shared a phone plan. Gaslight and mental warfare, which are intangible, are difficult to explain to non-traumatized people.Samantha said. "If he finds out that I know, he could change everything."

Stalkerware presents a legal puzzle. It is generally legal to develop the technology that underpins many apps that are used as stalkerware. Users can be charged with stalking or fraud if they use the technology for illegal purposes. However, it is difficult to track; The technology is shady and survivors are often unwilling to share their actively monitored devices with forensic police teams. Almost half Cases of domestic abuse are not reported.

"Accessing someone else's device can violate all types of computer privacy laws," said Erica Olsen, director of the National Network's Ending Domestic Violence Security Program. "But there are so few ways to find, prove and get rid of it. Survivors are usually forced to factory reset or get a new phone, which means the evidence is not kept. "

Not an easy solution

Man sits on the rail while people walk byWestend61 / Getty Images

The U.S. has a huge stalkerware problem, but the nation is ahead of the curve when it comes to fighting it. In October, the Federal Trade Commission accusations against three stalkerware companies after allowing users to conduct illegal surveillance activities on their platforms. The case is only the second of its kind in the world: In 2014, a US court was successful shut down a stalkerware app based in Pakistan.

Most stalkerware can be downloaded from standalone websites or through Google Play for Android phones – although Google did Initiatives started to filter out these apps. The search giant announced last week that it would ban ads for stalkerware apps, especially those that "are marketed or used to track or monitor another person or their activities without their permission."

Android devices are also vulnerable because they are open source and have a diverse ecosystem. Multiple versions of the Android operating system are available at the same time, making security updates incorrect. Stalkerware is less common on Apple devices because the app store is strictly devoted to development and delivery.

Every abuser can upload stalkerware, regardless of whether they have a technical background or not.

It is impossible to recognize many stalkerware apps without a targeted stalkerware scan, and this type of scanning technology is still in its infancy. These apps are usually buried deep inside a victim's phone system – usually under harmless filenames like "WiFi Check", which means that victims don't usually notice them themselves.

Every abuser can upload stalkerware, regardless of whether they have a technical background or not.

"It's pretty easy. You just have to google the steps," said Jenkins. "It happens more often than the layperson thinks. They have so much to do with survivors of domestic violence that this is only their concern and concern for their safety and reinforced by their children. "

According to Chebyshev, once the information reaches the apps, victims' problems may only get worse. Many stalkerware apps upload victim information to insecure servers. Hackers can easily access the information and the app can use it for their own data and marketing purposes as there is no data protection agreement with the victims.

Freed said that anyone suspected of activity on their phones should use reputable antiviral software that detects stalkerware – not just adware. Kaspersky, MalwareBytes, Avira, McAfee and Avast all According to reports Target stalkerware with success. In addition to its anti-stalkerware technology, CETA also offers Step by step instructions when separating abusive partners, from removing saved passwords to improving Facebook security.

Samantha said that she has more than one device and that they use them all for different purposes to throw off their perpetrator. One device is, for example, educational software for her son. Another is for trustworthy friends and family. She is extremely careful when it comes to sharing her information with third parties.

"I deserve to live a normal life. If I have to do it that way, I'll do it too, ”she said.

If you or someone you know is at risk of domestic abuse or stalking, call the national domestic violence hotline at 1-800-799-7233.

Editor's recommendations

Leave a Reply

Your email address will not be published. Required fields are marked *