Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Security Businesses IOS Privacy

Mobile Spy Software Maker MSpy Hacked, Customer Data Leaked 79

pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, Exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customer's data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.
This discussion has been archived. No new comments can be posted.

Mobile Spy Software Maker MSpy Hacked, Customer Data Leaked

Comments Filter:
  • I guess some enterprising lawyer will also use it to troll for clients whose spouses have spied on them.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      You joking? The NSA already had this data.

      • Probably true (Score:2, Insightful)

        by Anonymous Coward

        Finding an old article on mSpy:

        "The mSpy technology aggregates the surveillance activity in a cloud-based, password-protected control panel, from which the user can send remote commands, including blocking access to certain programs, websites and apps, and can also restrict incoming calls or shut down and lock the phone. Now that themSpy monitoring software can be pre-installed on HTC One, Nexus 5, Samsung Galaxy S4 and iPhone 5s smartphones, the user no longer has to worry about smartphone compatibility wi

        • Re:Probably true (Score:5, Informative)

          by Noah Haders ( 3621429 ) on Friday May 15, 2015 @12:07AM (#49695611)

          A clarification, you can't install mspy unless you jailbreak your iPhone. I wouldn't be surprised if the Chinese jail breaking packages come with mspy pre-configured... Also, no jailbreak exists for iOS 8.3, the current version.

          • A clarification, you can't install mspy unless you jailbreak your iPhone.

            yes you can.

            http://www.mspy.com/faq.html [mspy.com]

            it works by accessing the iCloud backup and extracting data from that.

            • first, a better link is here:
              http://www.mspy.com/compatibil... [mspy.com]

              in order to access the icloud backup and "extract data", it needs to know the user's account password. It basically downloads the icloud backup onto another phone. L33T HAx0Rs!

              As a non-jeakbreak iphone user, I am always on the lookout for potential ways my phone can be hacked. When I find one, I'll let you know.

                   

          • A clarification, you can't install mspy unless you jailbreak your iPhone. I wouldn't be surprised if the Chinese jail breaking packages come with mspy pre-configured... Also, no jailbreak exists for iOS 8.3, the current version.

            Incorrect [mspy.com]

  • by fustakrakich ( 1673220 ) on Thursday May 14, 2015 @10:03PM (#49695151) Journal

    All your stuff is backed up... somewhere

  • by Anonymous Coward

    The problem is this statement:

    Akbar was charged with selling and advertising wiretapping equipment.

    “Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners,” U.S. Attorney Dana Boente said in a press release tied to Akbar’s indictment.

    So it is illegal to sell wiretapping equipment.
    Why are there so many companies selling and advertising such equipment to government agencies without being charged?

  • by koan ( 80826 )

    I needed a good laugh.

  • I'm pretty sure this is why you encrypt your database. But you know, whatever, cost money, might hurt the bottom line.

    • by TWX ( 665546 )
      There still needs to be a means to use the database. There also needs to be a means for automated software (ie, that which is installed as a client on the compromised phone) to authenticate into the database. There's going to be a weakness somewhere even for an encrypted database otherwise the database is useless. For all we know it was encrypted and it was compromised through a phone that had itself been compromised with the company's software.

      If that's how it happened, or if analysis of a compromise
      • If a system like this was properly designed, the data would be encrypted against a key held by the customer, and the company would never have access to decrypted data. As it is, it appears that every person using the service was in effect providing the company with all the data from the phone in question. What the company did with it after this point is irrelevant, as the information is already compromised.

        Based on the activities of the original owners, I wouldn't be surprised if someone got fired from th

  • by Anonymous Coward

    Link?

  • by jenningsthecat ( 1525947 ) on Thursday May 14, 2015 @11:07PM (#49695403)

    ...that the data stolen belonged to people whose privacy was already being grossly invaded, rather than to the fuckwits who thought it was a good idea to spy on their family members.

    • by rtb61 ( 674572 )

      I am sure 'MSpy' wrote in all sorts of stuff in the EULA to ensure that all your data belong to them. Perhaps they felt there was more money in selling the data than in looking after it. Unencrypted means only one thing, they did not care about keeping it secure internally ie they were already trawling through it all for the juicy bits. They do have a Seychelles office http://www.taxjustice.net/2014... [taxjustice.net] which puts them immediately under extreme suspicion.

    • by AmiMoJo ( 196126 )

      I wouldn't be so sure about that. Chances are that their Apple IDs and email addresses are exposed, as well as maybe some embarrassing photos if they are the partner of their victim. An Apple ID is all it took to crack all those celebrity iCloud accounts because their passwords and recovery info were usually easy to guess. In this case the names and probably birthdays of their families are known, their anniversary date etc.

      Any CEOs or politicians involved should be worried.

  • by DoofusOfDeath ( 636671 ) on Thursday May 14, 2015 @11:08PM (#49695409)

    Can you imagine the number of lawsuits this is going to bring against the people who installed it?

  • Say I want to spy on my kid. (I don't, but work with me here.) How would that software work? Short of jailbreaking the phone, I can't imagine what iPhone spyware would look like. Would said kid have a Spy On Me app that she'd need to run from time to time? Even keyboard replacement apps are somewhat vetted in what information they send to their vendors, and I don't think they have access to photos, email, or anything else but the keyboard.
  • by Anonymous Coward

    Well, ok, so what is the onion address?
    We can't really evaluate this stuff without the source.

  • What was the nature of the hack? What Operating System and platform does MSpy keep its customer database on?
  • by Anonymous Coward

    "Several hundred GB" divided by "~2m people" equals "a couple hundred KB per person."

    These days, that's a tiny amount of data to be "complete contents"

Whenever people agree with me, I always think I must be wrong. - Oscar Wilde

Working...