Discovered that all information acquired by smartphone monitoring application SpyFone was 'published online'

We discovered that all the data collected by the application "SpyFone" that can monitor position information of children and employees and operation contents on smartphone from the web can be accessed by anyone online . The number of people affected is about 2,200 people who installed the application.

Spyware Company Leaves 'Terabytes' of Selfies, Text Messages, and Location Data Exposed Online - Motherboard

What I noticed this situation is Mr. A, a security researcher, who can download the monitoring data after discovering the monitoring data that SpyFone, which had been on Amazon S3 online storage service managed by SpyFone, collected It was discovered from what it was.

The actual saved data includes "photos saved in smartphones", "text messages", "voice recording data", "contact information", "location information", etc. Users who use SpyFone even if they estimate less, It is clear that personal information for 2208 people has been released.

Mr. A said that "you can access all of these data simply by creating an account of SpyFone and logging in," SpyFone's user account effectively has the same level of functionality as the administrator account, Explain that you can access all the data stored on Amazon S3.

Mr. Eva Gallipellin, who is responsible for cyber security at the Electronic Frontier Foundation , criticized SpyFone, the developer of the application, as an impossible company that multiplied "sneak" "irresponsibility" "incompetence" It is.

At the time of article writing SpyFone explained "We are working on countermeasures in cooperation with security enterprises and we are coordinating with law enforcement agencies about countermeasures against data leakage" for explanation, "We We continue to improve the security of our services on a daily basis and we will ensure that this issue will be the last problem we will bring. "

in Mobile,   Software,   Web Service,   Security, Posted by darkhorse_log