Android Stalkerware ‘TheTruthSpy’ exposing images of children online

child on the phone

Image: Christy McLoughlin

Piracy. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reports on the dark underbelly of the internet.

TheTruthSpy, popular stalking software that markets itself to customers who want to surreptitiously monitor their spouses’ communications, exposes a slew of data from phones with the malware installed, including photos of children, pets servants and others related to babies.

The news is the latest in a long line of data breaches, exposures and hacks affecting stalkerware, whose products are often used by abusive partners or expose sensitive data of children. While the use of stalkerware is already an invasion of privacy by the person who installs it on the victim’s phone, the invasion is compounded by the fact that many of the companies that market and sell this software have bad cybersecurity practices and further expose data. on people’s phones to hackers or the general public. The The Federal Trade Commission has already acted against companies after Motherboard reported exposing children’s data.

Footage obtained by TruthSpy Motherboard includes a young boy looking directly at a camera, a photo taken of what appears to be a soiled baby’s diaper, an image of a pet cat, and other images clearly taken at the camera. inside someone’s house. These images were available to anyone visiting a particular URL on TheTruthSpy’s website.

Do you know anything else about stalkerware or know of another stalkerware violation? We would love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected]or email [email protected].

Last week, a tipster provided Motherboard with a link to a Tor Onion service that hosted a selection of data pulled from TheTruthSpy. A readme file included in the data dump included the specific URL from which the images were available on TheTruthSpy’s website. The motherboard verified that on Wednesday the images were still available for download. The released data also included a selection of apparent GPS positions of the victims’ phones.

Once installed on a victim’s phone, TheTruthSpy is able to intercept phone calls, siphon photos, read WhatsApp messages, track the phone’s GPS location and much more. These photos are then uploaded to TheTruthSpy’s servers where the stalkerware user can log in through a dashboard and view the collected material.

“If you feel like your spouse is cheating on you, you should spy on their phone. If they are mainly chatting, you can spy on text messages to read them secretly. “spy on text messages. It will give you all the information of the phone”, a 2021 blog post on TheTruthSpy website reads.

TheTruthSpy is part of a network of stalkerware applications that all use infrastructure maintained by a Vietnam-based company called 1Byte. As TechCrunch communicated in February, 1Byte exposes data from an entire fleet of stalkerware applications. TheTruthSpy data obtained by Motherboard appears to be related to this underlying vulnerability.

This isn’t even the first time TheTruthSpy’s data has been hacked or exposed. In 2018, a hacker told Motherboard they got access to the company’s servers and that there were over 10,000 TheTruthSpy customers.

TheTruthSpy did not respond to a request for comment.

In 2019, the FTC banned stalkerware company Retina-X and its owner James N. Johns Jr. from making any other mobile surveillance products unless they took steps to ensure the software was used only for legitimate purposes. This decision came after Motherboard reported that Retina-X had been hacked, twice.

The FTC said at the time that Retina-X and Johns violated the FTC’s prohibition against unfair and deceptive practices, as well as the Children’s Online Privacy Protection Act (COPPA), which requires companies to protect data for children under 13 years old.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.


Comments are closed.