Kaspersky is partnering with the National Network to End Domestic Violence to highlight the dangers of domestic surveillance technology
The ubiquity of mobile devices has carved out a fresh market for developers of unethical and highly controversial surveillance software that caters to paranoid and abusive spouses.
The technology – sometimes called ‘stalkerware’ or ‘spouseware’ – can be used to track, harass, or stalk partners because it gives full and unauthorized control over any mobile device on which it is installed.
Once installed, stalkerware can monitor a device’s location, internet usage, access photos, and more. Potential applications include monitoring employee emails and tracking children, as well as capturing the activity from a partner’s device.
Vyacheslav Zakorzhevsky, head of anti-malware research at Kaspersky, explained that the technology differs from child monitoring (parental control) software by virtue of its covert presence on installed devices.
Whereas parental control apps flash notifications on the devices they are installed on, commercial spyware packages go to great lengths to hide their presence.
Such applications are typically installed using software vulnerabilities or social engineering techniques.
Stalkerware, by contrast, is typically bought online and installed by someone with ready access to a device.
According to the Kaspersky researcher, there are around 360 stalkerware apps on the market today – the vast majority (95%) of which are developed for Android phones.
Applications retail at an average of $29 a month, or $350 a year.
Although aggressors may have to disable security controls on their target’s device in order to install the malware, there are YouTube tutorials that cover how to do this.
“Almost no technical skills are required to install it,” Zakorzhevsky told The Daily Swig.
Even more worrying is that some vendors offer installation support. Phones that come pre-installed with stalkerware can also be purchased.
Call the cops?
In the last eight months, since the security company began identifying stalkerware as a distinct security threat category, Kaspersky has identified 39,000 victims of unauthorized surveillance.
However, despite it often being used as a tool for abuse, the sale of this software is still legal.
The regulatory and legal frameworks that might be applicable to this type of software have yet to act as a sufficient deterrent towards abuse, a session at the Virus Bulletin conference in London heard on Wednesday.
During a workshop, entitled ‘Countering tech abuse together’, Zakorzhevsky was joined by a representative of the US-based National Network to End Domestic Violence (NNEDV).
As well as improving detection of stalkerware apps, the industry needs to work out the best way of notifying users of this threat, the researcher said.
To that end, Kaspersky is partnering with the NNEDV to raise awareness about the issue and “assist survivors through technical expertise and capacity building”.
Uninstalling such apps is far more difficult than installing them. Victims might report the presence of stalkerware on their phones as evidence of stalking or harassment, but this isn’t always the best option.
Ethics surrounding notifying victims of stalkerware, as well as the legal status of stalkerware apps, were debated during the workshop.
As well as working with domestic abuse charities, Kaspersky is working with other security firms and groups such as the Electronic Freedom Foundation (EFF) on policy issues.