

A Brazilian Phone Spyware Was Hacked And Victims’ Devices ‘Deleted’ From Server




The Portuguese-language app WebDetetive was used to compromise over 76,000 phones to date

A Portuguese-language spyware called WebDetetive has been used to compromise more than 76,000 Android phones in recent years across South America, largely in Brazil. WebDetetive is also the latest phone spyware company in recent months to have been hacked.

In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws in the spyware maker’s web dashboard — used by abusers to access the stolen phone data of their victims — the hackers said they enumerated and downloaded every dashboard record, including every customer’s email address.

The hackers said that dashboard access also allowed them to delete victim devices from the spyware network altogether, effectively severing the connection at the server level to prevent the device from uploading new data. “Which we definitely did. Because we could. Because #fuckstalkerware,” the hackers wrote in the note.

The note was included in a cache containing more than 1.5 gigabytes of data scraped from the spyware’s web dashboard. That data included information about each customer, such as the IP address they logged in from, and purchase history. The data also listed every device that each customer had compromised, which version of the spyware the phone was running, and the types of data that the spyware was collecting from the victim’s phone.

The cache did not include the stolen contents from victims’ phones.

DDoSecrets, a nonprofit transparency collective that indexes leaked and exposed datasets in the public interest, received the WebDetetive data and shared it with TechCrunch for analysis.

In total, the data showed that WebDetetive had compromised 76,794 devices to date at the time of the breach. The data also contained 74,336 unique customer email addresses, though WebDetetive does not verify a customer’s email addresses when signing up, preventing any meaningful analysis of the spyware’s customers.

It’s not known who is behind the WebDetetive breach and the hackers did not provide contact information. TechCrunch could not independently confirm the hackers’ claim that they deleted victims’ devices from the network, though TechCrunch did verify the authenticity of the stolen data by matching a selection of device identifiers in the cache against a publicly accessible endpoint on WebDetetive’s server.

WebDetetive is a type of phone monitoring app that is planted on a person’s phone without their consent, often by someone with knowledge of the phone’s passcode.

Once planted, the app changes its icon on the phone’s home screen, making the spyware difficult to detect and remove. WebDetetive then immediately begins stealthily uploading the contents of a person’s phone to its servers, including their messages, call logs, phone call recordings, photos, ambient recordings from the phone’s microphone, social media apps, and real-time precise location data.

Despite the broad access that these so-called “stalkerware” (or spouseware) apps have to a victim’s personal and sensitive phone data, spyware is notoriously buggy and known for its shoddy coding, which puts victims’ already-stolen data at risk of further compromise.

WebDetetive, meet OwnSpy

Little is known about WebDetetive beyond its surveillance capabilities. It’s not uncommon for spyware makers to conceal or obfuscate their real-world identities, given the reputational and legal risks that come with producing spyware and facilitating the illegal surveillance of others. WebDetetive is no different. Its website does not list who owns or operates WebDetetive.

But while the breached data itself reveals few clues about WebDetetive’s administrators, much of its roots can be traced back to OwnSpy, another widely used phone spying app.

TechCrunch downloaded the WebDetetive Android app from its website (since both Apple and Google ban stalkerware apps from their app stores), and planted the app onto a virtual device, allowing us to analyze the app in an isolated sandbox without giving it any real data, such as our location. We ran a network traffic analysis to understand what data was flowing in and out of the WebDetetive app, which found it was a largely repackaged copy of OwnSpy’s spyware. WebDetetive’s user agent, which it sends to the server to identify itself, was still referring to itself as OwnSpy, even though it was uploading our virtual device’s dummy data to WebDetetive’s servers.

OwnSpy is developed in Spain by Mobile Innovations, a Madrid-based company run by Antonio Calatrava. OwnSpy has operated since at least 2010, according to its website, and claims to have 50,000 customers, though it’s not known how many devices OwnSpy has compromised to date.

OwnSpy also operates an affiliate model, allowing others to make a commission by promoting the app or offering “a new product to your clients” in return for OwnSpy taking a cut of the profits, according to an archived copy of its affiliates website. It’s not clear what other operational links, if any, exist between OwnSpy and WebDetetive. Calatrava did not return a request for comment or provide contact information for WebDetetive’s administrators.

A short time after we emailed Calatrava, portions of OwnSpy’s known infrastructure dropped offline. A separate network traffic analysis of OwnSpy’s app by TechCrunch found that OwnSpy’s spyware app was briefly non-functional at the time of publication. WebDetetive’s app continues to function.

Destructive attack?

WebDetetive is the second spyware maker to be targeted by a data-destructive hack in recent months. LetMeSpy, a spyware app developed by Polish developer Rafal Lidwin, shut down following a hack that exposed and deleted victims’ stolen phone data from LetMeSpy’s servers. Lidwin declined to answer questions about the incident.

By TechCrunch’s count, at least a dozen spyware companies in recent years have exposed, spilled, or otherwise put victims’ stolen phone data at risk of further compromise because of shoddy coding and easily exploitable security vulnerabilities.

TechCrunch was unable to reach the WebDetetive administrators for comment. An email sent to WebDetetive’s support email address about the data breach — including whether the spyware maker has backups — went unreturned. It’s not clear if the spyware maker will notify customers or victims of the data breach, or if it still has the data or records to do so.

Destructive attacks, although infrequent, could have unintended and dangerous consequences for victims of spyware. Spyware typically alerts the abuser if the spyware app stops working or is removed from a victim’s phone, and severing a connection without a safety plan in place could put spyware victims in an unsafe situation. The Coalition Against Stalkerware, which works to support victims and survivors of stalkerware, has resources on its website for those who suspect their phone is compromised.

How to find and remove WebDetetive

Unlike most phone monitoring apps, WebDetetive and OwnSpy do not hide their app on an Android home screen, but instead disguise themselves as an Android system-presenting Wi-Fi app.

WebDetetive is relatively easy to detect. The app appears as “WiFi” and features a white wireless icon in a blue circle on a white background.

When tapped and held, and the app info is viewed, the app is actually called “Sistema.”

We have a general guide that can help you remove Android spyware from your phone, if it is safe to do so. You should ensure that Google Play Protect is switched on as this on-device security feature can defend against malicious Android apps. You can check its status from the settings menu in Google Play.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware also has resources if you think your phone has been compromised by spyware.



Youtube Introduces A New App, Youtube Create For Editing Videos, Adding Effects And More



YouTube this morning introduced a new app for creators, YouTube Create, that will offer a suite of easy-to-use and free tools that will allow them to make both Shorts and longer videos. The tool aims to address some of the challenges creators face, including the editing process and the ability to leverage creative tools, including things like stickers, GIFs and effects, for example.

The company said it consulted with 3,000 creators on the development of the new app and designed it according to their feedback.

To use the tool, creators would add their clips, then choose from a range of editing tools to begin creating their video. With the app, they can do things like preview splits and trim their clips as they’re putting together a video. There are also thousands of stickers, GIFs, and a set of effects available within the app.

In addition, the app will provide access to YouTube’s library of royalty-free tracks, so creators can choose from thousands of songs to complement their videos. All these songs are copyright-safe, so creators can monetize their videos without worry, the company says. Plus, the tool will match the beats of the song to the video clips to keep everything in sync — a feature popularized by TikTok.

Plus, the app can do audio cleanup to remove unwanted background sounds, automatically generate captions that can be added to the video with a tap of a button, and export the final product to the creator’s YouTube channel.

The idea to offer a separate app for creation is popular among the creator community. Despite the numerous built-in effects on TikTok, for example, many creators turn to ByteDance’s other creative app CapCut to prepare their TikTok videos.

The new app, initially available for Android, is launching into beta starting today across eight markets worldwide. (The U.S., Germany, France, United Kingdom, Indonesia, India, Korea, and Singapore).

The company says it will continue to expand the app with more features and bring it to more creators over time.

TechCrunch



Fintech Faces Its Reckoning: It’s Only A Matter Of Time Until The House Of Cards Collapses



The 2008 Global Financial Crisis was easily the most destructive economic crisis since the Great Depression. And yet, it’s not without a touch of irony that without it, we wouldn’t have a thriving startup ecosystem.

In an attempt to reboot the global economy, central banks slashed interest rates to almost zero, resulting in an era of cheap money.

This resulted in two things. First, it incentivized investors to fund promising (and, in many cases, not so promising) young tech companies. But it also allowed for the emergence of business models that, in any other circumstance, would be completely unviable.

For examples of the latter, you only need to look at the fintech world. Over the past decade, a dizzying array of challenger banks, e-money services, digital wallets, and more have managed to claw market share away from the legacy incumbents.

They accomplished this by offering a product that, from the consumer’s perspective, was undoubtedly superior.

Consumers were easily convinced by these slick apps, low or nonexistent fees, and higher rebates or interest rates. But they didn’t think about whether the business fundamentals of these fintechs were sustainable in the long-term or whether they could weather a broader change in macroeconomic conditions. They didn’t need to.

But now fintech faces a reckoning. Over the past two years, central banks have hiked interest rates from their COVID-era lows to the highest levels for a generation. And now the business models that won consumers’ affection look increasingly tenuous.

It’s only a matter of time until the house of cards collapses.

Fintech’s Achilles’ heel

For countless fintech providers, the main source of revenue comes from interchange fees. These are, essentially, the commissions paid to card issuers, payment networks, and banks whenever a consumer buys something.

Many fintech companies rely on interchange fees to varying degrees, although in each case, they account for a significant part of their income. For example, U.S. neobank Chime made $600 million from interchange fees in 2020 alone. From the consumer’s perspective, the interchange is completely invisible, although for many fintechs, it’s a financial lifeline.


There are two things you need to know here: First, although interchange fees vary depending on the type of card, such as whether it’s a debit or credit card, and the jurisdiction where the payment occurred, they nonetheless are capped to a fixed percentage of the transaction price.

The other thing? Interest rates, by their very definition, aren’t. They’re set by central banks, with the percentage rate influenced primarily by external economic conditions. When times are tough — like a recession or a once-in-a-lifetime pandemic — they go down to stimulate spending and bolster consumer confidence. When inflation spikes, so too do the interest rates as central banks try to dampen economic activity (and thus, demand).

By itself, this presents a serious dilemma for fintechs wholly or primarily reliant on interchange fees. While their revenue potential is capped as a fixed percentage of their customers’ purchasing activity, their borrowing costs can spiral dangerously out of control.

This issue is compounded further by the fact that, in many cases, these fintechs aren’t keeping the interchange fees for themselves. As we’ve seen over the past decade, one of the most valuable barometers of a startup’s future prospects is its customer acquisition rate, and the easiest way to juice this metric is to offer generous rebates or interest rates.

And so, to keep the lights on, they’re burning through their runway or looking for funding through equity or debt deals. But runway doesn’t last forever, and as the broader macroeconomic situation worsens, additional funding has become harder to obtain, and likely is smaller or given under less advantageous conditions.

A lack of flexibility

It’s worth noting that this crisis is one shared almost exclusively by the newest fintech startups, and not, as you perhaps might expect, legacy financial institutions. One reason — albeit a small one — is that these businesses don’t have the same pressing need to acquire new customers. A bank with a hundred-year legacy doesn’t have to rely on sign-ups to prove its long-term viability as a business.

But the biggest advantage these incumbents enjoy is the fact that they’re, as businesses, incredibly diversified. Time has allowed them to offer a broad range of services, from loans and insurance to credit cards and mortgages. This diversification offers a degree of insulation from interest rate changes and is why the notoriously stodgy traditional financial sector will weather the coming few years.

Additionally, banks have traditionally enjoyed the cheapest forms of funding, because they store and hold deposits, often paying interest rates to their customers that are far below those established by central banks.

By contrast, most of the challenger fintech startups lack that extent of product diversity. They may be exclusively reliant on interchange fees for revenue or, if they have alternative products, are yet to achieve any level of critical mass or adoption. Often, this is because they’ve yet to become registered and regulated banks, or they’ve willingly chosen to focus on one particular segment of the market.

In the U.S., banks are the only institutions that can hold depositor funds. They have more freedom in the types of products they can offer and thus have greater opportunities for diversification. But the formal process of becoming a bank is long, tiresome, and expensive — and it’s only getting harder. For fintechs, it simply isn’t worth the effort — or, rather, it’s a problem to circumvent by partnering with a fintech-friendly bank.

Becoming a bank also carries some serious downsides. It involves a high degree of oversight, which many startups may find too difficult to bear. And what happens if a fintech changes its mind? Then things get tricky.

Renouncing a banking charter is a logistical nightmare and carries a degree of stigma, as it’s often the result of some kind of failure or malfeasance. That’s not to say it doesn’t happen or that there aren’t legitimate (and even strategically sound) reasons for doing so. The Utah-based Marlin Bank gave up its state charter to merge with a larger investment fund. But these divorces — for lack of a better term — are never easy. There’s the thorny issue of what to do with client accounts or the products you can no longer sell or manage. The transition takes time, effort, and money.

The difficult road ahead

The original sin of many startups — including, but not limited to, fintech companies — is believing that the rosy macroeconomic conditions of the 2010s would continue indefinitely. That inflation and interest rates would stay low forever and that they’ll never run short of affordable, easily accessible capital.

That there would be no pandemic. No war in Ukraine. Nothing that could shake the foundations of their businesses.

For many companies, this myopia will be their downfall. They’ve boxed themselves in, either by offering a limited product lineup or by providing incentives that their customers will be reluctant to abandon. This is especially true for those businesses in the corporate card market that depend primarily on interchange fees but give most or all of their revenue to customers in the form of rebates and interest rates.

This fear is shared by McKinsey, which, in its 2022 Global Payments Report, warned about the impact of rising interest rates and fixed interchange fees on fintechs, noting that the business models of many fintech startups — particularly for buy now, pay later firms — have yet to prove their viability in such choppy macroeconomic conditions.

One thing is clear: The stubbornly high rates of inflation aren’t, as once thought, a transitory problem but something that will be with us for a long time. This means we’re unlikely to see low central bank rates — the secret sauce that allowed these fundamentally precarious business models to last so long — for several years to come. The fintechs that survive this period will be those who adapt, either by making hard decisions about the incentives they offer customers or by expanding their product portfolio.

They can accomplish this without fundamentally undermining their value propositions. As some of the most successful fintech companies prove, the best way to drive volume is to offer a customer experience that’s unambiguously better than the legacy alternatives.

Ultimately, fintechs need to remember that they are, first and foremost, technology companies. And the way to win is to build incredible software.

Great software gives consumers a reason to pay rather than use a free alternative. It unlocks new revenue models beyond relying on interchange fees or other commission-based payments. By thinking about your business as one that tries to identify and solve problems, rather than one centered on customer acquisition and transaction volumes, it becomes vastly simpler to identify new opportunities, be they new features to distinguish your business from the competition or new products that you can upsell to existing customers.

Crucially, by treating software as a first-class citizen, fintechs can license their software to other organizations, unlocking an additional revenue stream. If the biggest threat to existing fintech companies is an overreliance on interchange fees, the easiest way to achieve resilience is by aggressively pursuing diversification.

This isn’t an inherently novel concept. Look at Microsoft, which makes money from a variety of sources — operating systems, office software, cloud computing, games consoles, and laptops. The same could be said for Google, Apple, Amazon, and countless others. Although the highly regulated nature of the financial services sector makes expansion a complicated and often-bureaucratic process, it’s by no means impossible.

Obviously, it takes time to build new features and unlock additional revenue models. Great software — truly great software — takes talent, money, and a roadmap that stretches beyond a single quarter. For many organizations, achieving this sustainability is a long-term ambition. But it’s worth remembering that we’re still in a tough macroeconomic environment, and profitability is no longer a dirty word for investors — or, at the very least, something that’s secondary to growth.

Showing you’re serious about long-term sustainability and have a pathway to profitability will hold you in good stead in your next funding round.

And finally, they should consider whether the incentives they offer still make sense, given the turmoil we’ve seen in the financial services sector. This year isn’t yet over, and we’ve already witnessed three major bank failures and the collapse or acquisition of countless other smaller providers. Given the ongoing consternation, stability — and, most importantly, the ability to project an image of stability — can be a useful marketing tool.




Cruise Nears Approval To Mass-Produce Robotaxis With No Steering Wheel, Pedals



Cruise CEO Kyle Vogt said Thursday at an investor conference that the company is close to getting the green light to begin mass production of its purpose-built autonomous vehicle without a steering wheel or pedals.

“We’re testing it and we are, from what we’ve heard from [the National Highway Traffic Safety Administration], just days away from the last regulatory approval, which would let us start production and almost immediately start putting these vehicles on the road,” Vogt said at a Goldman Sachs event.

NHTSA told TechCrunch that no decision to grant or deny GM’s petition has been reached, nor has a deadline been set for such a decision. That said, federal safety regulators are expected to announce a new rule-making in September. If passed, it also will benefit Amazon’s Zoox, which has built and is testing a similar type of vehicle to Cruise’s Origin.

Cruise first unveiled its Origin AV — built for both autonomous ride-hail and delivery — in early 2020. The GM-backed company has promised to put “tens of thousands” of Origins on streets in major U.S. cities over the next few years, but its ability to begin mass production has been hampered by lengthy regulatory processes.

Cruise, via GM, has been waiting for an exemption from the federal government’s motor vehicle safety standards, which require vehicles to have a steering wheel and pedals. NHTSA only grants 2,500 such exemptions each year, but there is legislation to increase that number to 25,000.

Cruise has still been testing its Origins in cities where it operates, like San Francisco and Austin.

Vogt’s announcement comes a few weeks after one of those test vehicles drove off the road and into a small electrical building, according to Austin Transportation Department records obtained by Axios. The Origin hit the building with enough force to break some off, the report said. Because the vehicle had no steering wheel, emergency personnel couldn’t quickly move it, and had to wait for a tow truck.

Cruise said the Origin test vehicle had experienced a system fault during testing and pulled over safely, but when live support re-engaged the vehicle, it shifted out of park and rolled into the building at six miles per hour.

Much of Cruise’s ability to score regulatory approval will depend on how the company answers questions regarding the safety of its vehicles that are already on the road.

Today, Cruise operates fleets of Chevy Bolt AVs in San Francisco, Austin and Phoenix, with plans to expand to a handful more cities. The company has come under the microscope in its hometown of San Francisco, where it operates around 400 robotaxis, after a string of incidents of stalled vehicles that have caused traffic jams and blocked emergency responders. The California Department of Motor Vehicles asked Cruise to reduce its fleet size after one of its vehicles collided with a fire truck, injuring one passenger. This happened days after Cruise, and its competitor Waymo, had received final approval to expand commercial, fully autonomous services across the city 24/7.

Earlier this week, protestors rallied outside of Cruise headquarters after the fire department accused the company of allowing its robotaxi to block the path of an ambulance which carried a passenger who later died. Cruise showed footage of the incident to TechCrunch that backed its denial of the incident as the fire department described, but the company suffered a reputation hit anyway.

While speaking at the investor event, Vogt expressed concern that too much pushback against the robotaxis — simply for being pioneer technology that will make mistakes — will stall important technological advancements that could make roads safer and save lives.

“I worry that we’re going to set society back a decade when it comes to road safety,” he said. “That’s just something we can’t do.”

Building cheaper AVs for better unit economics

Vogt noted that while the Origin is designed to be “a party on wheels” or a “Zen oasis between meetings or on your way to work,” it’ll also present an opportunity to build more vehicles at a cheaper cost.

The executive and Cruise founder said the Origin costs GM less to build than its Chevy Bolts because all of the sensors, compute systems and software are simplified to lower the upfront cost of the vehicle. And in a few years, the Origins will rely on Cruise’s custom, in-house designed chips, which Vogt says takes a lot of cost and complexity out of the equation.

“Working closely with GM, we’ve done a lot of work to increase the lifespan of this vehicle,” said Vogt. “An average car has maybe 150,000 miles, 200,000 miles, something in that range. The Origin is designed to last 1 million…and so you put that long lifetime, lower upfront cost together, that’s a dramatic reduction in the cost per mile to operate these vehicles, which is a key unlock for profitability.”

Vogt went on to say that once the Origin goes into production, it can scale very quickly. He declined to provide a timeline or capacity at GM’s plant.

“We have a great deal of precision around both the final cost of this and the timing, which means that in 2025, the hardware we build will be capable of reaching those unit economics,” said Vogt, reiterating Cruise’s goal of getting down to a cost of operating at $1 per mile.

Cruise has stated its goal of reaching $1 billion in revenue by 2025, a target that Vogt said the company is on track to hit and one that might even help Cruise finally break even. That is, if Cruise can start mass-producing its cheaper Origin vehicles, scale to new markets, and operate more vehicles at more hours of the day.

TechCrunch



Copyright © Estreet On TV 2023