Stalkerware on the rise
Beside weaknesses in IoT, another major threat is “stalkerware” – an insidious branch of “security” software favoured by control freaks, often sold as legitimate software to “monitor children” and which effectively gives an attacker access to location, messages and call logs.
According to figures from security company Kaspersky, between January and August 2019 there were more than 518,223 cases globally where the company’s protection technologies either registered presence of stalkerware on user devices or detected an attempt to install it – a 373% increase in the same period in 2018.
“Most people don’t protect mobile devices and so probably that is just the tip of the iceberg,” said David Emms, principal security researcher at Kaspersky.
Using such software to access someone’s handset without their permission is illegal, experts from law firm Decoded Legal told us, but it remains easy to find online. It begs the question why security companies are unable to kill such tools at source.
That’s a core message: often it is established tech features that in an abusive context are misappropriated
“The whole category is tricky because we can’t label it as malware and report it as we would a backdoor trojan or similar, because in some jurisdictions it’s legal so it straddles a grey area,” said Emms. “Some of them masquerade as parental control software and call themselves legal that way.”
Although the company now flags such software as a privacy threat, it’s unclear what benefit this will have. If, for example, a perpetrator is installing the software, they will override the warning, and if a warning appears later and the victim removes the tool, the consequences could be frightening.
“If someone sees the notification and then removes that software then the person behind it is going to be notified and that puts someone in harm’s way,” Emms said. “Our advice would probably be that if you get a notification of this sort and you believe you’re the victim of abuse the right thing to do is reach out to an organisation for advice – maybe get the police involved before you think about what to do about the phone.
“It may well be that you make the decision to buy a burner phone that isn’t being monitored so that if you need to reach out to a friend you use that phone.”
Finding the right sort of help can be a daunting process for victims. Charities and police try their best to offer assistance, but if people don’t know who to turn to then they may be tempted by free tools. This should be avoided.
“There’s an important void to be filled when it comes to the provision of support,” said UCL’s Tanczer. “But this gap should be filled by specialist services that know how to do thorough risk assessments, safety plans and are trained in trauma-informed work with victims and survivors, [rather] than any corporation that believes their new feature or app could help save the world.”
For confidential advice, call the National Abuse Helpline on or visit