- Spyzie has proven vulnerable to the same defect as Cocospy and Spyzie
- More than half a million Android users have been exposed
- About 4,900 iOS users were also exposed
Hundreds of thousands of Android users, as well as several thousand iPhone users, compromised their sensitive data by a spouse software application, called Spyzie.
The applications were found by email addresses, text messages, call newspapers, photographs and other sensitive data, belonging to millions of people who, to their knowledge or consent, have made these applications installed on their devices. The people who installed these applications, in most cases partner, relatives, relatives, also had their email addresses exposed in the same way.
The researcher who found all these faults does not yet share the details, saying that they are quite simple to exploit and have not yet been discussed.
E-mail addresses and more
Spy software applications, often also called “spouse software”, are applications that people secretly install on mobile devices belonging to their partners, children or similar. They are announced as legitimate surveillance applications, but mainly operate in the gray area and are not authorized in the main application stores, such as the App Store or the Play Store.
This is the third application of this type with the same defect, after a cybersecurity researcher recently analyzed Cocospy and Spyic, two other popular Spyware applications whose code apparently has important overlaps, allowing the researcher to draw sensitive information from their servers.
The researcher managed to exfiltrate 1.81 million email addresses used to register with Cocospy and around 880,000 addresses used for the Spyic. In addition to the email addresses, the researcher managed to access most of the data collected by applications, including images, messages and call newspapers.
For Spyzie, the researcher managed to collect more than 510,000 unique email addresses for Android users and sensitive data on at least 4,900 iPhone and iPad users.
The operators did not respond to media requests and did not, at the time of the press, discussed vulnerabilities.
Via Techcrunch
