The use of stalkerware has increased in response to the COVID-19 pandemic. According to researcher Lodrina Cherne of Cybereason and consultant Martijn Grooten of the Coalition Against Stalkerware this type of software can be used for various reasons such as intimate partner violence and gender-based violence.
Their report was presented at the Black Hat cybersecurity conference in Las Vegas this week. Researchers say that today, besides mobile devices, smart IoT appliances can be abused for the purpose of spying.
The Coalition Against Stalkerware describes stalkerware as software that allows a remote user to monitor and secretly record the activities of another user without “explicit, persistent notification to that user in a manner that may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.”
The Coalition Against Stalkerware is an organization working to combat the harmful effects of stalkerware. This group was formed in 2019 by various non-profit organizations, security advocates, and security companies. Some of the companies that participated in the project include F-Secure, National Network to End Domestic Violence, Kaspersky, Malwarebytes, and the Electronic Frontier Foundation.
“In recent years, the problem of stalkerware has been on the rise globally,” the coalition said. “Non-profit organizations report a growing number of survivors are seeking help with stalkerware, and cybersecurity companies are detecting a consistent increase in these harmful apps.”
This software can remotely monitor and intercept calls, SMS messaging, GPS/location data, and VoIP applications on a wide range of devices. It can also steal data from an infected device.
Usually, stalkerware is installed through physical access to a phone. There are also cases where stalkerware is installed via SMS.
Stalkerware most often infects Android mobile devices but was also found on unpatched or jailbroken iOS devices.
“Tech abuse rarely involves hacking, it instead exploits a feature of the technology — they are rarely built with IPV in mind,” Grooten said.
This type of malware is sometimes marketed as a way to monitor children or employees. However, such apps can also be used to abuse their users without consent or to steal private data from them.
Using technology to spy on or abuse someone, however, can now go beyond mobile apps. According to experts, the use of Internet of Things (IoT) devices such as home security cameras can also be abused. Even such remote-controlled devices as thermostats or lights can be abused today.
A survey conducted in Australia revealed that 99.3% of domestic violence practitioners had victims who were abused using video cameras. The prevalence of this practice has increased by 183.3% over the recent years.
In the US, a quarter of individuals who experienced domestic abuse reported that technology in some manner was involved, according to the Stalking Prevention Awareness & Resource Center.