In the past couple of weeks alone, the Red Sox found an actual use for Apple Watch by stealing signs from their opponents, a band of hackers cracked into the controls of US power grids, and SpaceX flung a classified spy drone into orbit.
Maybe I’m just paranoid, but it feels as if sneakiness is in the air — though maybe that’s just the scent of hard drives burning at Russian consulates.
The Internet is and always has been a virtual thicket of sneaks, creeps, hackers, crooks, spammers, and scammers — we know this. If you can imagine a way your privacy might be compromised online, it’s probably already happening. (Equifax breach, anyone?)
Former FBI director James Comey once said of keeping tape over your webcam lens, “There’s some sensible things you should be doing, and that’s one of them.” So maybe I’m just sensible?
It was only a matter of time before those invasive tools we once safely associated with elite denizens of the dark Web or faceless gangs of hackers found their way into the hands of — don’t take this personally — smartphone-tapping normies.
If you’ve observed the simultaneous rise of terms like “spyware,” “ransomware,” “stalkerware,” even “spouseware” across the headlines, you’re seeing the spread of this new wave of malware in action. And the outbreak is happening in two ways.
Unwittingly, users are spreading spyware snuck onto their systems by backdoors built into innocent seeming apps — 500 of which Google recently nixed from its stores. Meanwhile, quite wittingly, consumers are paying good money for apps that do everything from intercept text messages and phone calls, to tracking locations and even snapping photos through a target’s camera.
Take SpyPhone Android Rec Pro, a $187 app from the Polish company Spy Shop which bills itself as useful for child protection, call tracking, employee monitoring, and “localising a kidnapped person,” and which remotely siphons audio (on and off of phone calls), snaps photos, records call histories, tracks GPS coordinates and batches the information into a daily report for the tracker. There’s TheTruthSpy, which runs on a 33-cent daily subscription and can dig into social media portals like WhatsApp. There’s XNSpy, mSpy, FlexiSPY, and dozens of other cute-sounding ways to track anyone whose phone you can access for long enough to install them.
But not without ample (finely printed) warnings in the end-user agreements. mSpy, which costs $200 a year and markets itself to parents looking to oversee the online activities of their kids, says its product is “for legal use only,” citing federal laws that prohibit surveillance of devices “you do not have the right to monitor.” And FlexiSpy, which also angles toward supervisors keeping a virtual eye on employees and offers a $349 “extreme” version, offers a similar, more hand-washy caution: “It is the responsibility of the FlexiSPY user to ascertain, and obey all applicable laws in their country in regard to the use of FlexiSPY for ‘sneaky purposes’.” Sounds pretty subjective.
And all of these are just the “legit” options waiting for your legal download. A recent Forbes investigation found signs of much larger efforts to sell similar “creepware” tools to law enforcement agencies for hundreds of thousands of dollars (compared to the hundreds an insecure boyfriend might shell out), and that “often the malware used to snoop on terrorists and pedophiles is much the same as that used to control partners in abusive relationships.”
So, yeah. Sorry to make you fear every device in your house more than you already do, but that creeping feeling you have is completely justified: This stuff is real.
Most of the apps mentioned above require physical possession of a phone and knowledge of a password or two to install (not exactly consent), so keeping phones and devices on lock is your best guard. You should also avoid downloading apps that. . . . Well, just avoid downloading apps — you never know what’s in there. (The contact-uploading Sarahah app was proof that even a worldwide hit app can have more invasive capabilities under the hood.)
Common sense and vigilance will keep your phone in good hands; as for your webcam, just remember we can see through that Scotch tape, silly.Michael Andor Brodeur can be reached at firstname.lastname@example.org