FTC upholds ban on Stalkerware founder Scott Zuckerman

By Daved Worner


A stalkerware maker who was banned from the surveillance industry after exposing the personal information of his customers, as well as the personal information of those they were spying on, will not be able to go back to selling offensive software, according to the US Federal Trade Commission.

The FTC has rejected a request by Scott Zuckerman, founder of consumer spyware company Support King and its subsidiaries SpyFone and OneClickMonitor, to overturn the ban.

On Monday, the FTC announced the denial in a press release, after Zuckerman petitioned the federal watchdog in July of this year to revoke or modify the ban order.

In 2021, the FTC banned Zuckerman from “offering, promoting, selling, or advertising any surveillance app, service, or business,” effectively barring him from running another stalkerware business. The agency ordered Zuckerman to delete all data collected by SpyFone as well as conduct frequent audits and establish specific cybersecurity practices for his business.

“SpyFone is a blatant brand name for a surveillance business that helped stalkers steal personal information,” said Samuel Levine, acting director of the FTC’s Bureau of Consumer Protection. “The stalkerware was hidden from device owners, but completely open to hackers who exploited the company’s slipshod security.”

In his application, Zuckerman claims the security requirements of the FTC order have made it difficult to operate his other businesses because of the financial costs, although Support King is no longer in operation and, according to the petition, he now operates only one restaurant and plans other “tourism ventures” in Puerto Rico.

Reached by email, Zuckerman declined to comment and referred questions to his lawyer.

The FTC ban stemmed from an incident in 2018, when a security researcher found an Amazon S3 bucket belonging to SpyFone that left highly sensitive data (selfies, text messages, chat app messages, audio recordings, contacts, locations, hashed passwords and logins, and more) visible and accessible to anyone online.

The exposed data included 44,109 unique email addresses and, according to the researcher who discovered the breach, “at least 2,208 current ‘customers’” from 3,666 phones that had the SpyFone stalkerware installed, and hundreds or thousands of photos and audio in each folder.


Less than a year after the 2021 FTC order, TechCrunch reported that Zuckerman appeared to be running another stalkerware company. In 2022, TechCrunch received a trove of breached data from the stalkerware app SpyTrack. The information revealed that SpyTrack was operated by freelance developers with direct ties to Support King, in what appeared to be an attempt to evade the FTC’s ban. Additionally, the breached data included records from SpyFone, which Zuckerman was ordered to delete, and keys to access the cloud storage of OneClickMonitor, one of his stalkerware apps.

Eva Galperin, a prominent expert on stalkerware, celebrated the news. “Mr. Zuckerman clearly hoped that if he lay low for a few years, everyone would forget why the FTC had issued sanctions not only against the company, but against him specifically,” Galperin told TechCrunch.

TechCrunch’s revelation in 2022 that Zuckerman had apparently violated the FTC ban “suggests that Zuckerman hasn’t learned his lesson,” added Galperin, who is director of cybersecurity at the digital rights nonprofit Electronic Frontier Foundation.

Stalkerware apps allow their customers to secretly spy on their loved ones’ phones and devices. In addition to enabling potentially illegal activities, at least 26 stalkerware companies have been hacked or have exposed sensitive data online in the past eight years, according to TechCrunch statistics. These incidents show that these companies have repeatedly failed to protect the privacy of their customers, as well as those they spy on.
