Consumer spyware: a serious threat with a different threat model

Posted by   Martijn Grooten on   Apr 25, 2017

We all know the risks of having a device infected with malware: an anonymous adversary far away can encrypt your files and hold them to ransom; they can steal your personal data and sell it online; or they can steal your money directly from your online financial services.

But imagine if the adversary is neither anonymous nor far away, but an abusive (ex-)partner. They may not be after your money or your identity, but they will be able to see what you are doing, who you are talking to, and where you are going.

If that sounds creepy, that's because it is. Unfortunately, it is a very real threat for very many people: as VICE Motherboard shows in an investigative series on consumer spyware (also known as 'stalkerware' or 'spouseware'), such software is widely available, relatively cheap, and worryingly popular.


flexispywebsite.png

Though many of the software's customers will have no intent on harming their target, there are cases where such malware has been linked to serious cases of domestic violence. This alone should be enough to make anyone care about this issue.

But if you are working in security, there is another reason why you should care: the threat model is very different from the one we usually consider. How well does your authentication mechanism work against an adversary who has physical access to the device and to the 2FA token, and who may know the answers to all the victim's security questions? How does your security software, which may well detect the spyware as malicious, fare against an adversary who disables it when installing the spyware?

I would recommend to anyone that they read the series at VICE Motherboard, which gives an excellent insight into how the makers of spyware operate. I would also recommend you come to VB2017, where Joseph Cox, one of the series' authors, will give a presentation on this very subject.

Register for VB2017 now to see Joseph and dozens of other security experts from around the world present on all aspects of the security threat landscape. Register before 30 June to get a 10% Early Bird discount.

VB2017-325w.jpg

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Necurs pump-and-dump spam campaign pushes obscure cryptocurrency

A Necurs pump-and-dump spam campaign pushing the lesser known Swisscoin botnet is mostly background noise for the Internet.

Alleged author of creepy FruitFly macOS malware arrested

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.

The threat and security product landscape in 2017

At the start of the new year, Virus Bulletin looks back at the threats seen in the 2017 and at the security products that are available to help mitigate them.

Spamhaus report shows many botnet controllers look a lot like legitimate servers

Spamhaus's annual report on botnet activity shows that botherders tend to use popular, legitimate hosting providers, domain registrars and top-level domains when setting up command-and-control servers.

Tips on researching tech support scams

As tech support scammers continue to target the computer illiterate through cold calling, VB's Martijn Grooten uses his own experience to share some advice on how to investigate such scams.