"When hackers get hacked" should become the tagline of 2018. After several other similar incidents, it is now the turn of an Android spyware maker that advertises its spyware to be used against children and employees. A target of a vigilante hacker, the company known as SpyHuman offers surveillance software for Android devices that enables its users to intercept phone calls, text messages, track GPS locations, read messages on WhatsApp and Facebook, and use the target device's microphone.
It now appears that a hacker has stolen customer text messages and call metadata from the spyware company. Call metadata includes phone numbers the target devices dialled or received calls from along with their duration and dates. Hackers managed to access over 440,000,000 call details through exploiting a basic security flaw in the website.
"These spy apps should be out of market, most people spy on girls and [their] data image [...] always sensitive,” the hacker wrote in a message that was obtained by Motherboard. "No one have rights to do that and same these apps and provider making money by doing this."
While SpyHuman sells its spyware as a tool to monitor children and employees, it's mostly used to illegally spy on partners and spouses without their consent. "Several review websites and social media posts do push the app for such purposes, and archives of particular SpyHuman pages include phrases such as 'know if your partner is cheating on you,' and suggests monitoring your husband’s texts in case he is having an affair," the publication reports.
The company gave the following (non)explanation when asked about how it makes sure its software isn't being used for illegal surveillance:
"As a precaution, at an initial stage of our app installation, we always ask users that for what purposes they are installing this app in the target device. If they select child or employee monitoring then our app stays hidden and operate in stealth mode. Otherwise, it will create visible Icon so that one can know that such app is installed on his/her devices.”
As is apparent, since its users can always select a child or an employee - which in itself raises several questions - they don't necessarily have to reveal if they are using the product for spying on people, mostly partners, without their consent.
- If you are a victim of spyware or technology-facilitated abuse, this is a very comprehensive resource list offering guidelines and help.
