https://www.wired.com/story/eva-galperin-stalkerware-kaspersky-antivirus/
By Andy Greenberg
Wired.com
April 3, 2019
OVER THE LAST year, Eva Galperin says she's learned the signs: the
survivors of domestic abuse who come to her describing how their
tormentors seem to know everyone they've called, texted, and even what
they discussed in their most private conversations. How their abusers seem
to know where they've been and sometimes even turn up at those locations
to menace them. How they flaunt photos mysteriously obtained from the
victim's phone, sometimes using them for harassment or blackmail. And how
none of the usual remedies to suspected hacking—changing passwords,
setting up two-factor authentication—seem to help.
The reason those fixes don't work, in these cases, is because the abuser
has deeply compromised the victim's phone itself. The stalker doesn't have
to be a skilled hacker; they just need easily accessible consumer spyware
and an opportunity to install it on their target's device. An entire
industry of that so-called spouseware, or stalkerware, has grown in recent
years, one that Galperin argues represents a deeply underestimated scourge
of digital privacy.
"Full access to someone’s phone is essentially full access to someone’s
mind," says Galperin, a security researcher who leads the Threat Lab of
the digital civil liberties group the Electronic Frontier Foundation. "The
people who end up with this software on their phones can become victims of
physical abuse, of physical stalking. They get beaten. They can be killed.
Their children can be kidnapped. It’s the small end of a very large,
terrifying wedge."
Now Galperin has a plan to end that scourge for good—or at least take a
serious bite out of the industry. In a talk she is scheduled to give next
week at the Kaspersky Security Analyst Summit in Singapore, Galperin will
lay out a list of demands: First, she's calling on the antivirus industry
to finally take the threat of stalkerware seriously, after years of
negligence and inaction. She'll also ask Apple to take measures to protect
iPhone users from stalkerware, given that the company doesn't allow
antivirus apps into its App Store. Finally, and perhaps most drastically,
she says she'll call on state and federal officials to use their
prosecutorial powers to indict executives of stalkerware-selling companies
on hacking charges. "It would be nice to see some of these companies shut
down," she says. "It would be nice to see some people go to jail."
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
