ESET, a leading proactive threat detection company, analyses the case of “TheTruthSpy”, a company that sells worldwide an application for devices Android and IOS aimed at home users and promotes their products highlighting the possibility of spying on the device of a third. TheTruthSpy was the victim of a computer attack in which they stole access to users, audio recordings of victims, photos and chats, among other data.
The company is one of the best known in terms of marketing apps that can be considered as spyware (a variety of applications with malicious features and stealthily allow remote monitoring of passwords and other information Sensitive) to home users worldwide. On its website promotes the product as a parental control tool, a tool to follow the steps of your partner or even for employers who intend to monitor their workers, which makes it can be considered as spyware is the way it Installs on the spied user’s device. punctually the controversial application remains hidden in the device and offers the possibility to monitor in real time the location of the person spied through the GPS, control your device remotely, have a record of the calls and messages of text, View the media files on the affected device and also provides access to the passwords of the accounts that the harassed person uses, allowing the spy to enter their social networks and email.
Initially the news of the violation of the information of this application was revealed by the site Motherboard of Vice. The attacker spoke with the Motherboard and commented that in February of this year he was able to enter the company’s server and accessed more than 10,000 names of customers from different parts of the world, As well as their passwords, the photographs and audio recordings from the device of the people who were being spied, information about the location, text messages, among other information. The attacker was critical of the developer of this application by saying that “they care about how to promote a product to spy on, but do not care how to protect the privacy of attackers and victims.”
On the other hand, he told the journalist that a large number of service consumers reused the same password in services such as mail, PayPal or Amazon. And he said that, while he agreed to these accounts, he didn’t steal any money.
While intercepting a third party’s communications is illegal in the vast majority of countries around the world, these applications are easily accessible to users. “It is important that parents who are concerned about the use of technology in their children know that the key is not in an application-based control to spy on what their children do with their devices, Protection must start with the dialogue with the children and accompany the digital path and if necessary to use parental control tools, but always with the knowledge of the boys, “says the security researcher at the laboratory of ESET Latin America, Cecilia Pastorino. And he adds, “It’s about teaching them, through dialogue and with the support of digital tools, what are the dangers and risks on the Internet, what their responsibilities are, what should and should not be done and what are the ways to protect themselves.”