FTC Upholds Ban on Stalkerware Founder Scott Zuckerman
The U.S. Federal Trade Commission (FTC) has denied a request to lift a ban on Scott Zuckerman, the founder of consumer spyware company Support King and its subsidiaries SpyFone and OneClickMonitor. Zuckerman had petitioned the federal watchdog to rescind or modify the ban order, which was imposed in 2021 after a data breach exposed the personal information of SpyFone’s customers and the people they were spying on.
The ban, which was announced in a press release on Monday, prevents Zuckerman from “offering, promoting, selling, or advertising any surveillance app, service, or business.” The agency also ordered Zuckerman to delete all the data collected by SpyFone, as well as to undergo frequent audits and establish certain cybersecurity practices for his businesses. According to Samuel Levine, then acting director of the FTC’s Bureau of Consumer Protection, “SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information.”
Background on the Ban
The FTC ban stemmed from an incident in 2018, when a security researcher found an Amazon S3 bucket belonging to SpyFone that left extremely sensitive data — including selfies, text messages, chat app messages, audio recordings, contacts, location, hashed passwords and logins, and more — exposed online for anyone to see and access. The exposed data included 44,109 unique email addresses and, according to the researcher who found the breach, “at least 2,208 current ‘customers’ and hundreds or thousands of photos and audio in each folder” from 3,666 phones that had the SpyFone stalkerware installed on them.
Zuckerman claimed in his petition that the FTC order’s security requirements have made it harder for him to run his other businesses due to financial costs, despite the fact that Support King is no longer in operation and he now only runs a restaurant and plans other “tourism ventures” in Puerto Rico. However, Eva Galperin, a prominent expert on stalkerware, celebrated the news, stating that “Mr. Zuckerman was clearly hoping that if he laid low for a few years, everyone would forget about the reasons why the FTC issued a ban not only against the company, but against him specifically.”
Stalkerware and its Risks
Stalkerware apps allow their customers to surreptitiously spy on the phones and devices of their loved ones, enabling potentially illegal activities. Over the last eight years, at least 26 stalkerware companies have been hacked or have left sensitive data exposed online, according to TechCrunch’s tally. These incidents show that these companies have repeatedly failed to protect the privacy of their customers, as well as the people they spy on.
Galperin, who is the director of cybersecurity at the digital rights nonprofit Electronic Frontier Foundation, added that TechCrunch’s revelation in 2022 that Zuckerman apparently violated the FTC ban “suggests that Zuckerman did not learn his lesson.” The FTC’s decision to uphold the ban is a significant step in protecting consumers from the risks associated with stalkerware.