How to Find ‘Stalkerware’ on Your Devices
Fighting stalkerware is tough. You can’t doubt that it is there. Even if you did, it can be difficult to detect because antivirus software recently started flagging these apps as malicious.
Here’s a guide to how stalkerware works, what to look for, and what to do about it.
different types of stalkerware
Monitoring software has proliferated on computers for decades, but more recently spyware makers have shifted their focus to mobile devices. As mobile devices had access to more intimate data, including photos, real-time location, phone conversations and messages, the apps became known as stalkerware.
Different stalkerware apps collect different types of information. Some record phone calls, some log keystrokes, and others track location or upload photos of a person to a remote server. But they all generally work the same way: An abusive boyfriend installs an app on a phone with access to the victim’s device and disguises the software as normal software, like a calendar app.
From there, the app hides in the background, and later, retrieves the abuser data. Sometimes, the information is sent to the abuser’s email address or it can be downloaded from a website. In other scenarios, abusers who know their romantic partner’s passcode can simply unlock the device to open stalkerware and review the recorded data.
self defense steps
so what to do? The Coalition Against Stalkerware, which was founded by Galperin and other groups, and several security firms offered these tips:
See unusual behavior on your deviceLike a fast draining battery. A cheap way to do this is to have a stalker app constantly running in the background.
scan your device. Some apps, such as Malwarebytes, Certo, NortonLifeLock and Lookout, can detect stalkerware. But for a complete look, check your apps carefully to see if there’s anything unfamiliar or suspicious. If you find a piece of stalkerware, hold off before removing it. This can be useful evidence if you decide to report the abuse to law enforcement.
Need help. In addition to reporting stalking behavior to law enforcement, you can consult resources such as the National Domestic Violence Hotline or the Safety Net Project, hosted by a national network to end domestic violence.
Audit your online accounts To see which apps and devices are connected to them. On Twitter, for example, you can click the “Security and account access” button inside the Settings menu to see which devices and apps have access to your account. Log out of anything that looks shady.
Change your password and passcode. It is always safe to change passwords for important online accounts and avoid re-using passwords on all sites. Try to create long, complex passwords for each account. Likewise, make sure your passcode is difficult for anyone to guess.
Enable two-factor authentication. For any online account that offers it, use two-factor authentication, which basically requires two forms of verification of your identity before you can log into an account. Let’s say you enter your username and password for your Facebook account. That is step 1. Facebook then asks you to punch in a temporary code generated by an authentication app. That’s step 2. With this protection, even if an abuser uses a piece of stalkerware to find out your password, they can’t log in without that code.
On iPhones, check your settings. A new stalker app, WebWatcher, uses a computer to wirelessly download a backup copy of a victim’s iPhone data, according to mobile security firm Certo. To defend yourself, open the Settings app and check the General menu to see if “iTunes Wi-Fi sync” is turned on. Disabling it will prevent WebWatcher from copying your data.
Apple said it was not considered an iPhone vulnerability because it required an attacker to be on the same Wi-Fi network and have physical access to the victim’s unlocked iPhone.
start fresh. Buying a new phone or wiping all data from your phone to start afresh is the most effective way to rid a device of stalkerware.
Update your software. Apple and Google regularly release software updates that include security fixes, which can remove stalkerware. Make sure you are running the latest software.
In the end, there is no one right way to defeat stalkerware. NortonLifeLock lead researcher Kevin Roundy said he had reported more than 800 pieces of stalkerware inside the Android App Store. Google removed the apps and in October updated its policy to prevent developers from offering stalkerware.
But many more people have come forward to take his place.
“There are certainly very dangerous, dangerous possibilities,” said Mr Roundy. “It will continue to be a concern.”
#Find #Stalkerware #Devices