A New York-based spyware maker has agreed to notify the individuals whose phones were compromised by its mobile surveillance software, following a deal with the New York attorney general’s office announced Thursday.
Under the agreement, Patrick Hinchy, whose 16 companies promoted apps like PhoneSpector and Highster, will also pay $410,000 in civil penalties for illegally promoting the mobile surveillance software that allowed its customers to spy on another person’s phone without their knowledge.
According to the New York attorney general’s office, the apps sold by Hinchy allowed his customers to secretly monitor a victim’s phone and access their device data, including text messages and emails, photos, browsing history and precise location data. These apps, which require physical access to someone’s phone, are known as stalkerware (or spouseware), as many are expressly advertised as a way of spying on a person’s spouse or partner. Others are sold under the guise of child monitoring software.
In a statement, New York attorney general Letitia James said that Hinchy used his consortium of companies for “aggressively promoting” his stalkerware apps. James’ office also accused Hinchy’s companies of failing to disclose that customers would have to jailbreak — or root — a victim’s device before they could plant the stalkerware, a process that can weaken the security of a person’s device.
The agreement says that Hinchy must notify affected victims within 60 days that their device is being monitored. Hinchy must also make “accurate disclosures regarding endorsements, rooting and jailbreaking requirements, refund policies, and data security,” per James’ office.
But the agreement falls short of outlawing the apps completely.
In 2020, the U.S. Federal Trade Commission banned Retina-X after it was hacked several times. A year later, the FTC also banned the stalkerware maker SpyFone and its parent company Support King from the surveillance industry. The FTC also instructed Support King to notify victims that their phones had been compromised.
In December, TechCrunch reported that Support King had rebranded as a new stalkerware operation, SpyTrac, in an effort to evade the FTC’s ban. Following the publication of our investigation, both Support King and SpyTrac went offline.
It is not yet known exactly how many users — or victims — were ensnared by PhoneSpector, Highster and the other stalkerware apps. TechCrunch asked James’ office and will update if we hear back.
The holiday season is almost over, but security patches are still continuing to arrive thick and fast in December. The month has seen updates released by Apple, Google, and Microsoft, as well as enterprise software companies including the likes of SAP, Citrix, and VMWare. Many of the patches fix zero-day vulnerabilities already being exploited in […]
U.S. nonprofit healthcare giant Maternal & Family Health Services has confirmed hackers accessed sensitive patient, financial and medical information months earlier. In an advisory published on its website on Thursday, MFHS said a “sophisticated ransomware incident” exposed the sensitive information of current and former patients, employees and vendors. This information included names, addresses, dates of birth, Social Security numbers, […]
CircleCI, a company whose development products are popular with software engineers, has urged users to rotate their secrets following a breach of the company’s systems. The San Francisco–headquartered DevOps company said in an advisory published late Wednesday that it is currently investigating the security incident — its most recent in recent years. “We wanted to make you […]
Leave a Reply