When we talk about cybercrime thoughts turn to techniques such as phishing or ransomware or attacks on websites, and so on. Sometimes, the consequences of these types of attacks are expressed in a certain form of cybercrime, one that goes beyond the theft of money or damaging computer networks; this type of cybercrime is highly personal and results in surveillance, stalking, and spying.
The modern computing environment covers many types of devices from desktops and laptops, smartphones, and also, the Internet of Things (IoT). The IoT is a network of interconnected, internet-enabled devices that are used for everything from heating our homes to measuring our heart rate on a run to ordering a smartphone from Amazon.
The world is now a patchwork quilt of connected devices that know more about us than our own mothers do. So, where do cyber-stalking and spying fit into this interconnected world of devices?
Here we look at how our smartwatches, smartphones, digital assistants and desktop computers can take on James Bond when it comes to spying.
What is the impact of spying, stalking, and spyware?
Our devices contain enormous amounts of personal data as well as sensitive, behavioural information and your location at any given time. This data, in the wrong hands, can result in privacy violations at best and at worst could be dangerous. Smart devices, including digital assistants, smartwatches, wearables, and even smart TVs collect, share, and store personal data. Research into the IoT and privacy by Northeastern University and Imperial College London looked at the privacy of 81 different consumer IoT devices.[1] They found some shocking facts about the IoT and privacy:
- 72 of the devices shared personal, location, and behavioural data with third parties unrelated to the original manufacturer.
- Some data was shared unencrypted leaving it open to ‘eavesdropping’ attacks
Spying via device happens because of these in-built issues of privacy; often caused by just poorly designed systems. Poor design means that devices leak data, but it can also result in the device being hijacked by a known individual.
There is also a type of malware known as “Spyware”. This malicious software is typically installed onto a device by means such as phishing or infected apps. Once installed, it will send personal data back to a cybercriminal.
One of the best ways to understand the impact that data spying can have on a person is to look at some cases:
IoT Spy
The Internet of Things (IoT) is being increasingly used by manufacturers to add innovation to devices for the home. Home appliances including, security cameras, central heating controls, and doorbells are being connected up. This also adds functionality to allow someone to control the device from a distance. Therein lies the problem…control…
In 2018, an estranged husband was convicted of spying on his wife using a wall-mounted device. The man was able to remotely log into the device and use the camera and microphone to watch his wife go about her business.[2]
Smartphones for Stalkers
A smartphone was behind the frightening experience of a woman, stalked by an ex-boyfriend. The ex, secretly installed spyware apps onto her phone which he was then able to access remotely once they had split up. The ex-boyfriend was able to control aspects of her car and stalk her remotely using the tracking spyware he had installed on her mobile device.[3]
Watching the Kids
Perhaps one of the most sinister of potential cyber-spying is that associated with children’s smart toys. The National Cyber Security Centre (NCSC) issued a warning about items, such as internet-enabled baby monitors, which could be hijacked by cybercriminals and used to spy on children.[4]
Poorly Designed Devices Make Great Cyber-Spies
Poor design of devices can result in spy features. This was the case with the Apple iPhone Facetime bug[5]. Under certain circumstances, a caller would be able to hear people near the phone without the call being picked up. Simple design flaws like this can be taken advantage of by nefarious people.
5 Tips to Protect Yourself from Spyware
Here are 5 tips to prevent your device from being hijacked or infected with spyware:
- Practise Safe Apps: Only install mobile apps that are from known safe app stores. When installed, check the privacy and security settings and make sure they have any unnecessary data collection settings switched off.
- Be Security Aware: Phishing and the mobile version, SMShing, is often the entry point for spyware infection on a computer or other device. Be aware of phishing, how it works, and how to spot the tell-tale signs of a phishing message.
- Free scans: There are some excellent free anti-spyware tools available. Install on your computers and mobile devices and run real-time scans to find and remove spyware.
- Secure passwords: Change any default passwords that are used by manufacturers on your mobile or IoT devices. Any passwords, used on devices, computers, and online accounts, should be made as robust as possible, using a sequence of unrelated words.
- Set up your own devices: This includes computers, network devices, mobiles, etc. If you must use help to set up computer equipment, make sure you change the password once the system is setup.
5 Best Free Spyware Scanners
The following are some examples of free anti-spyware tools:
Malwarebytes[6]
For Windows, Mac, Android, iOS
Easy to use, automated scans that are unobtrusive. Anti-spyware finds and quarantines spyware. Free, but requires a paid for upgrade to get automatic updates.
Avast[7]
For Windows, Mac, Android, iOS
Always on protection. Variety of settings that progressively lock down the device. Various other tools included such as a Wi-Fi checker.
AVG[8]
For Windows, Mac, Android, iOS
Blocks unsafe links and detects and quarantines all manner of malware, including spyware. AVG offers a ‘deep scan’ which is slower but very thorough.
Adaware[9]
Windows only
Offers a free version with malware (including spyware) detection and quarantine. The free version provides download scanning and offers real-time protection. A paid for upgrade is available that offers more comprehensive features.
TrendMicro Housecall[10]
For Windows, Mac, Android
A free scanner that includes fileless malware detection.[11] Fast and quick scans.
[1] Ren. J., et.al., Information Exposure From Consumer IoT Devices: https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf
[2] The Telegraph: https://www.telegraph.co.uk/news/2018/05/10/smart-home-stalker-jealous-husband-used-wall-mounted-ipad-heating/
[3] The Independent: https://www.independent.co.uk/news/world/australasia/woman-stalker-app-car-phone-domestic-abuse-australia-a9197186.html
[4] The Independent: https://www.independent.co.uk/news/uk/home-news/smart-toys-baby-monitors-internet-connected-hackers-cyber-attacks-guidance-ncsc-a8605346.html
[5] 9 to 5 Mac: https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
[6] Malwarebytes: https://www.malwarebytes.com/mwb-download/
[7] Avast: https://www.avast.com/free-antivirus-download
[8] AVG: https://www.avg.com/en-us/free-antivirus-download
[9] Adaware: https://www.adaware.com/free-antivirus-download
[10] TrendMicro: https://www.trendmicro.com/en_us/forHome/products/housecall.html
[11] The Defence Works: https://thedefenceworks.com/blog/does-antivirus-software-work/