Posts Tagged: Mobile Spy


14
May 15

Mobile Spyware Maker mSpy Hacked, Customer Data Leaked

mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked. Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”

mSpy has not responded to multiple requests for comment left for the company over the past five days. KrebsOnSecurity learned of the apparent breach from an anonymous source who shared a link to a Web page that is only reachable via Tor, a technology that helps users hide their true Internet address and allows users to host Web sites that are extremely difficult to get taken down.

The Tor-based Web site hosting content stolen from mobile devices running Mspy.

The Tor-based Web site hosting content stolen from mobile devices running mSpy.

The Tor-based site hosts several hundred gigabytes worth of data taken from mobile devices running mSpy’s products, including some four million events logged by the software. The message left by the unknown hackers who’ve claimed responsibility for this intrusion suggests that the data dump includes information on more than 400,000 users, including Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions.

The exact number of mSpy users compromised could not be confirmed, but one thing is clear: There is a crazy amount of personal and sensitive data in this cache, including photos, calendar data, corporate email threads, and very private conversations. Also included in the data dump are thousands of support request emails from people around the world who paid between $8.33 to as much as $799 for a variety of subscriptions to mSpy’s surveillance software.

Mspy users can track Android and iPhone users, snoop on apps like Snapchat and Skype, and keep a record of every key the user types.

mSspy users can track the exact location of Android and iPhone users, snoop on apps like Snapchat and Skype, and keep a record of every word the user types.

It’s unclear exactly where mSpy is based; the company’s Web site suggests it has offices in the United States, Germany and the United Kingdom, although the firm does not appear to list an official physical address. However, according to historic Web site registration records, the company is tied to a now-defunct firm called MTechnology LTD out of the United Kingdom. Continue reading →


6
May 10

New Software Turns iPad into iSpy

A new commercial software program marketed to employers, parents and suspicious spouses lets customers surreptitiously monitor their Apple iPads remotely and view a record of all e-mail and Web use on the devices.

The software-as-a-service is the latest offering from Jacksonville, Fla. based Retina-X Studios, a company whose  Mobile Spy products have long allowed people to remotely spy on iPhones, Blackberries and other smartphones. For $99.97 a year, customers get access to a Web interface that allows them to view a list of every Web site visited, every e-mail sent and received, as well as any contacts added to the iPad.

Mobile Spy pitches the product thusly:

Are your kids viewing pornography while you are alseep? [sic] Are your employees sending company secrets through their personal email? You will have the answers to all these questions answered. Logs are instantly uploaded and viewable inside your control panel.

The company said in a press release that it plans to roll out even more capabilities for its iPadspy product, such as the ability to record the target’s location (by tapping the built-in GPS), and rifle through photos and notes stored on the device.

I haven’t used the service (I don’t even own an iPad, sadly). But these kinds of services are a good reminder about the importance of physical security for your computers and gadgets: In most cases, once an attacker has physical access to a device, it’s game over.

The software only works on jailbroken iPads, as the iPad is not able to run more than one program at a time unless it’s jailbroken.