Hackers can access your Facebook messages and text using creepy "stalkware" apps

Hackers can access your Facebook messages and text using creepy "stalkware" apps

Spooky apps designed to help anxious parents pursue their children's online activities have uncovered the private messages of thousands of people.

A gap in two of the so-called "stalkware apps" allowed cybercriminals access to Facebook messages, texts, phone call data and GPS coordinates.

According to a study by Motherboard, around 28,000 users – many of them children – were released due to the error.

Stalkerware apps are technically legal but have provoked controversy in the past when used by people for illegal espionage.

Spouses of paranoids have used the software illegally to sniff for spouses while bosses use them to track workers' activities.

Scroll down for video

Pictured is the admin dashboard of the & # 39; stalkware & # 39; -tap Xnore. With the app, people can track the GPS coordinates, text and phone data of a monitored device. A recent research has shown that the app has filled the gap of thousands of users

Depicted is the admin dashboard of the app "Stalkware" Xnore. With the app, people can track the GPS coordinates, text and phone data of a monitored device. A recent research has shown that the app has filled the gap of thousands of users

WHAT IS STALKERWARE?

Stalkerware is a software that allows you to spy on a person's phone or tablet.

They are often promoted to parents who want to track their child's online activities, or bosses looking for their employees.

In general, you can use stalkware to intercept messages, photos, browsing history, GPS coordinates, and even call data remotely.

You pair an online account with an app installed on the device you want to spy on.

Users can then remotely access the phone's data without the owner knowing they are being monitored.

Stalkerware apps are technically legal but have provoked controversy in the past when used by people for illegal espionage.

Such an application, called Xnore, can intercept messages, photos, browsing history, and even GPS coordinates.

It can also record phone calls secretly.

Users typically pair the app to a monitored phone or tablet so that a parent can track their child's messages and movements.

However, research revealed that the site allowed hackers to spy on the data of all monitored devices registered on the site.

A void in the system allowed cybercriminals to open the website's HTML code to see a "mobile ID" that Xnore uses to view and collect data.

This meant they could secretly monitor the news, recorded phone calls, and thousands of users, many of whom were children.

After Motherboard contacted Xnore, the company removed the feature from its website and added an additional level of authentication when devices were added.

Shown is the website of Xnore. Through a gap in the app, cybercriminals have access to people's Facebook messages, text, and call data

Shown is the website of Xnore. Through a gap in the app, cybercriminals have access to people's Facebook messages, text, and call data

The news agency received an indication of the loophole of a hacker known only as L & M.

They said, "Such companies are only interested in how they are spying, and they are not interested in the confidentiality of victims' data and their safety."

L & M discovered a bug in a second app called Copy9, which offers a similar service to Xnore.

Stalkerware apps are technically legal but have been controversial in the past when used by people for illegal espionage (image).

Stalkerware apps are technically legal but have been controversial in the past when used by people for illegal espionage (image).

The researcher said he accessed the usernames and passwords of around 12,000 users.

They claimed to have had access to the data of all these users' surveillance goals, including text messages, photos, WhatsApp chats, and call records.

Copy9 could not respond to a security breach request.

Leave a comment

Send a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.