Monday, May 18, 2015 - 00:03

mSpy Hack and why parents should stay away from such services

mSpy is a service providing surveillance capabilities to private citizens for mostly mobile devices...phones. The software can track movement, phone calls, extract media and a couple of other things. What you'd expect from such a software. It's mainly advertised for helicopter parents and employers. Obviously this service is quite attractive for some other guys as well.

Brian Krebs reported last week that he found evidence that mSpy had been hacked. Hundreds of gigabates worth of data - mostly from unsuspecting victims of the surveillance - had surfaced on TOR. You can read the details of the hack and leaked information over at Brian's blog.

The really interesting part is that mSpy has not reacted to the problem at all. There is no information, no warning, no dismissal, no nothing. Apparently they are planning to sit it out. Well. Good luck with that.

Personally I do not understand parents that have to monitor their kids 24/7. We couldn't be monitored in the good old times and we pretty much made it. If you absolutely cannot restrain yourself from monitoring your kids you need to be extra careful what service you are opting in for.

mSpy's customer base allegedly had about 40% parents. A good share of their kids now have a problem because they picked a very bad service to feast on their paranoia.

It's pointless to explain why this is a bad idea in general as these services are there and they will be used. If you pick a service you need to take time and analyze what the software actually does and what it is capable of. If you want to keep an eye on your kids all you need is their location. And that is the current or last known location. You do not need to know where they were last week and you most certainly do not need to know their movement patterns. Always keep in mind what that data can mean if someone else get's a hand on it.

If I know where your kid is - or more likely was a while ago - it's pretty much junk information. There is nothing to extract from that. Most importantly. I cannot predict where it could be at some point in the future. I also know jack about who that kid actually is.

But if there is access to a location history, dialed phone numbers and media on the device - selfies anyone? - then I know a whole lot more than I should. I know how that kid moves over time, how it looks and who it contacts. And that's definitely something you don't want the wrong guys to know. To obtain that amount of information I'd have to follow someone for days and keep track of what they do. With services like these you have all that at your fingertips right away.

Aside from the obvious problem with this kind of data there is a whole rat tail of problems coming your way. Phones generally horde sensitive data. For a kid a leak likely is social suicide.

If you can stay away from becoming your family's private NSA do it. If you can't try to find out what services are endorsed by credible groups and then have a very thorough look at what they can do. All you can do with it someone else can as well. So whatever that is make sure it cannot become a problem that creates a significantly bigger problem than the one you are trying to solve with it. Few features and limited data retention are a very good thing in this particular case.

The best service however is called TRUST. You should try that one. It's pretty good.