A New York-based spyware maker has agreed to notify the individuals whose phones were compromised by its mobile surveillance software, following a deal with the New York attorney general’s office announced Thursday.
Under the agreement, Patrick Hinchy, whose 16 companies promoted apps like PhoneSpector and Highster, will also pay $410,000 in civil penalties for illegally promoting the mobile surveillance software that allowed its customers to spy on another person’s phone without their knowledge.
According to the New York attorney general’s office, the apps sold by Hinchy allowed his customers to secretly monitor a victim’s phone and access their device data, including text messages and emails, photos, browsing history and precise location data. These apps, which require physical access to someone’s phone, are known as stalkerware (or spouseware), as many are expressly advertised as a way of spying on a person’s spouse or partner. Others are sold under the guise of child monitoring software.
In a statement, New York attorney general Letitia James said that Hinchy used his consortium of companies for “aggressively promoting” his stalkerware apps. James’ office also accused Hinchy’s companies of failing to disclose that customers would have to jailbreak — or root — a victim’s device before they could plant the stalkerware, a process that can weaken the security of a person’s device.
The agreement says that Hinchy must notify affected victims within 60 days that their device is being monitored. Hinchy must also make “accurate disclosures regarding endorsements, rooting and jailbreaking requirements, refund policies, and data security,” per James’ office.
But the agreement falls short of outlawing the apps completely.
In 2020, the U.S. Federal Trade Commission banned Retina-X after it was hacked several times. A year later, the FTC also banned the stalkerware maker SpyFone and its parent company Support King from the surveillance industry. The FTC also instructed Support King to notify victims that their phones had been compromised.
In December, TechCrunch reported that Support King had rebranded as a new stalkerware operation, SpyTrac, in an effort to evade the FTC’s ban. Following the publication of our investigation, both Support King and SpyTrac went offline.
It is not yet known exactly how many users — or victims — were ensnared by PhoneSpector, Highster and the other stalkerware apps. TechCrunch asked James’ office and will update if we hear back.
as we all know, humans are often the weakest part of the security chain.” Those are the words of Reddit CTO Christopher Slowe, who was quick to play the blame game in a post announcing that Reddit experienced a breach of internal data last week. He explained that the platform was compromised after an attacker sent “plausible-sounding prompts” to employees […]
Pour one out for Windows 7, the decade-old operating system that today reached the end of the security line. Some three years after Microsoft called time on mainstream support of Windows 7, the technology giant will no longer provide security updates, leaving the remaining users the option to upgrade to a newer operating system or […]
Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes, has been hit by a ransomware attack that forced several European and U.S. banks to revert to manual processes. The cyberattack, which TechCrunch learned about on Tuesday, affected Ion’s Cleared Derivatives division, which provides software for automating the trading lifecycle and the […]
Leave a Reply