Provider of covert surveillance app spills passwords for 62,000 users
Summary
A researcher has discovered a security flaw in an Android phone surveillance app that allows the download of sensitive data from 62,000 users.
The app, called Catwatchful, can download emails and photos, track calls and messages, monitor keystrokes and GPS locations, and activate the device’s microphone.
It is advertised as undetectable and claims that “only you can access the information it collects”.
The researcher found a SQL injection vulnerability that enabled anyone to access all the data stored on the server.
Catwatchful is aimed at parents who want to track their children’s online activities, but its emphasis on stealth has led to concerns that it may be used for more nefarious purposes.