A New York-based spyware maker has agreed to notify the individuals whose phones were compromised by its mobile surveillance software, following a deal with the New York attorney general’s office announced Thursday.
Under the agreement, Patrick Hinchy, whose 16 companies promoted apps like PhoneSpector and Highster, will also pay $410,000 in civil penalties for illegally promoting the mobile surveillance software that allowed its customers to spy on another person’s phone without their knowledge.
According to the New York attorney general’s office, the apps sold by Hinchy allowed his customers to secretly monitor a victim’s phone and access their device data, including text messages and emails, photos, browsing history and precise location data. These apps, which require physical access to someone’s phone, are known as stalkerware (or spouseware), as many are expressly advertised as a way of spying on a person’s spouse or partner. Others are sold under the guise of child monitoring software.
In a statement, New York attorney general Letitia James said that Hinchy used his consortium of companies for “aggressively promoting” his stalkerware apps. James’ office also accused Hinchy’s companies of failing to disclose that customers would have to jailbreak — or root — a victim’s device before they could plant the stalkerware, a process that can weaken the security of a person’s device.
The agreement says that Hinchy must notify affected victims within 60 days that their device is being monitored. Hinchy must also make “accurate disclosures regarding endorsements, rooting and jailbreaking requirements, refund policies, and data security,” per James’ office.
But the agreement falls short of outlawing the apps completely.
In 2020, the U.S. Federal Trade Commission banned Retina-X after it was hacked several times. A year later, the FTC also banned the stalkerware maker SpyFone and its parent company Support King from the surveillance industry. The FTC also instructed Support King to notify victims that their phones had been compromised.
In December, TechCrunch reported that Support King had rebranded as a new stalkerware operation, SpyTrac, in an effort to evade the FTC’s ban. Following the publication of our investigation, both Support King and SpyTrac went offline.
It is not yet known exactly how many users — or victims — were ensnared by PhoneSpector, Highster and the other stalkerware apps. TechCrunch asked James’ office and will update if we hear back.
Thoma Bravo, the private equity and growth capital firm, today announced that it would spend $1.8 billion CAD (~$1.34 billion) to acquire Magnet Forensics, a Waterloo-based company making software used by defense forces and businesses to investigate cybersecurity threats. Magnet Forensics will be purchased by a newly created corporation controlled by Thoma Bravo, Morpheus Purchaser Inc., which […]
The LockBit ransomware gang has published what it claims is the full transcript of its negotiations with Royal Mail, which continues to experience disruption due to last month’s cyberattack. The chat logs negotiating the ransom is the first data that LockBit has published following the cyberattack on Royal Mail, which left the British postal service unable to dispatch […]
ata breaches can be extremely harmful to organizations of all shapes and sizes — but it’s how these companies react to the incident that can deal their final blow. While we’ve seen some excellent examples of how companies should respond to data breaches over the past year — kudos to Red Cross and Amnesty for their transparency — 2022 has been a […]
Leave a Reply