Source: securityboulevard.com – Author: Richi Jennings
Content warning: Abuse, stalking, controlling behavior.
LetMeSpy is a hacking tool used for stalking and spying on spouses, although its Polish developer calls it a “parental control” app. Abusers secretly install the app on victims’ phones, letting them track their prey and spy on their messages. Sadly, LetMeSpy’s central database was hacked and leaked, exposing victims to even more threats.
It’s yet another evil stalkerware app with toy security. In today’s SB Blogwatch, we hate the game and the player.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Secret power of unsent letters.
Schadenfreude and Irony in Equal Measure
What’s the craic, Zack? Mr. Whittaker reports—“Phone tracking app spying on thousands says it was hacked”:
“Rudimentary security mistakes”
LetMeSpy is a type of phone monitoring app that is marketed for parental control or employee monitoring. … Also known as stalkerware or spouseware, these kinds of phone monitoring apps are often planted [on] a person’s phone without their consent [and] specifically designed to stay hidden. [It] silently uploads the phone’s text messages, call logs and precise location data to its servers.
…
LetMeSpy … said its spyware was used to track over 236,000 devices. … The leaked data … included years of victims’ … location data points, … call logs and text messages dating back to 2013. … The majority of victims are located in the United States.
…
These surveillance apps are notoriously buggy and known for rudimentary security mistakes, with countless spyware apps over the years getting hacked, or leaking and exposing the private phone data stolen from unwitting victims. LetMeSpy is not much different … the latest in a long list: … Xnspy, KidsGuard and TheTruthSpy and Support King, to name a few.
Who broke the story? Niebezpiecznik’s redacted researcher is lost in translation—“Polish app spying on Android users has been hacked”:
“Burn with shame”
Like most spying tools of this type, it advertises itself as a friendly “Parental Control” tool and requires manual installation. But you won’t find this one in the parental control app section of Google Play. … Can you guess why?
…
On the Internet, someone shared a file called jaki_kraj_taki_finfisher. … In the file we will find: Over 26,000 email addresses of the tool’s “operators” along with hashes of their passwords; over 16,000 SMS messages; … telephone numbers of people who contacted the tracked persons and telephone numbers of the persons whom the tracked persons called; database dump [of] more data, including locations.
…
[This] is now available to every Internet thug. Will it be used for stalking, plain spam or maybe social engineering attacks? Time will tell. … Burn with shame and redeem your sins.
“Parental control”? Is that what they’re going with? Pascal Monett paints a picture: [You’re fired—Ed.]
If you’re a parent and you use this … you fail at parenting.
Anyone for some sweary Schadenfreude? Bahbus certainly feels it:
A company selling a product that should be illegal gets ****ed over. Good. Screw all their ****ty, immoral customers.
Of course, this would never have happened on an iPhone. Uhh, saagarjha hates to burst your bubble:
Stalkerware does exist on the App Store. The specific things that are possible differ on each platform … but there is plenty of potential for abuse. … There does not exist a platform that I am aware of that can effectively stop stalkerware.
Who is this shadowy company? Our old friend maia arson crimew figured it out:
LetMeSpy … got completely pwned and had their databases dumped. [It] is run by Rafał Lidwin … the CTO of RADEAL. … I have reached out to LetMeSpy and Rafał Lidwin for comment … but have not heard back.
CTO FAIL? u/bazamanaz is shocked—SHOCKED:
A tech company designing products to circumvent privacy didn’t bother with a decent security implementation? Who would have thought.
Who indeed? crunchy_one agrees:
Live by the sword: Die by the sword.
Meanwhile, ignoramous ponders where the people live:
This app … seems to have a huge cluster of [victims] from India and the US: One country with the most social trust deficit and the other with most money.
And Finally:
This tip also works for unsent social media comments
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Emile Mbunzama (via Unsplash; leveled and cropped)
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2023/06/letmespy-spyware-hacked-richixbw/
Category & Tags: Analytics & Intelligence,Application Security,Cloud Security,Cyberlaw,Cybersecurity,Data Security,DevOps,Editorial Calendar,Endpoint,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Malware,Mobile Security,Most Read This Week,Network Security,News,Popular Post,Security Awareness,Security Boulevard (Original),Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,android spyware,cyberstalking,Data breach,Data Leaks,iOS spyware,LetMeSpy,maia arson crimew,Malware Spyware,Parental Control,parental controls,Privacy,SB Blogwatch,spyware,Stalkerware,Stalking,Stalkware – Analytics & Intelligence,Application Security,Cloud Security,Cyberlaw,Cybersecurity,Data Security,DevOps,Editorial Calendar,Endpoint,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Malware,Mobile Security,Most Read This Week,Network Security,News,Popular Post,Security Awareness,Security Boulevard (Original),Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,android spyware,cyberstalking,Data breach,Data Leaks,iOS spyware,LetMeSpy,maia arson crimew,Malware Spyware,Parental Control,parental controls,Privacy,SB Blogwatch,spyware,Stalkerware,Stalking,Stalkware
