How a mobile spyware scan helps free abuse victims

 

Connecting state and local government leaders

A new program offers tech support services that identifies monitoring apps on abuse victims' phones in a clinical setting.

Recognizing that intimate-partner violence is more than physical abuse, researchers at Cornell Tech are working with New York City to scan survivors’ mobile devices for spyware that abusers use for tracking and intimidation.

The Cornell team found that standard anti-virus and anti-malware tools often fail to find and alert survivors to the presence of apps that could be used for stalking. That’s because some apps -- such as mSpy, which is designed to give parents access to private information and location tracking on their children's phones --  are obvious monitoring tools, but others are not.

“Apps like Find My Friends or apps that are used by parents to monitor their children are very frequently used by abusers to monitor their victims, both with and without their knowledge,” said Nicola Dell, a leader of the research team and assistant professor at the Jacobs Technion-Cornell Institute at Cornell Tech. “We really needed a new spyware-detection tool that is capable of surfacing both the traditional spyware, but also these what we call dual use apps.”

So, they created it. Called the Intimate Partner Violence Spyware Discovery (ISDi) application, it’s part of a weekly technology clinic that the researchers have been conducting with Mayor’s Office to End Gender-Based Violence at New York City’s five Family Justice Centers (FJCs). Between November 2018 and May 2019, the team met with 44 survivors and found potential spyware, account compromise or exploitable misconfigurations for 23 clients, according to a recently published Cornell report titled “Clinical Computer Security for Victims of Intimate Partner Violence.”

When electronic stalking is reported, an FJC case worker refers a client to a Cornell researcher for one of the weekly technology clinics the team runs. The meeting, which typically takes 30 to 90 minutes, starts with a nontechnical Technology Assessment Questionnaire to find out what devices a survivor has, how they’re used and risks for account compromise. To perform the scan with ISDi, researchers connect their laptop, which has the app on it, to the survivor’s Android or Apple iOS device via a USB cable. An interface pops up that lists the apps on the device.

ISDi uses a set of heuristics comparing the apps on the device to the researchers’ blacklist of bad or dual-use apps. It will also try to determine if the device is jailbroken, rooted or has software that was installed from a source other than an app store.

Nothing is downloaded onto the survivors’ devices, and the researchers do not look at private information such as text messages or photos, Dell said. The researchers keep their blacklist up-to-date by consulting with app-development companies on new releases and through their work with survivors, she added. Survivors who want to get a device rechecked must return to the FJC for another consultation and scan.

Once ISDi determines the existence of tracking apps, the survivor and technology consultant create a paper worksheet called a technograph -- a visual map that illustrates relationships between devices, accounts and people, similar to a schematic of a family's medical history. Finally, they discuss options for removing offending apps and improving cyber hygiene going forward.

“Prior to all of this, advocates were using their own resources and their own technology know-how  … so sometimes there’d be someone who had a little expertise and could help a survivor at a certain agency, or once in a while, if there were a very serious tech crime, you could get connected to someone at NYPD,” said Alison Francis-Lord, executive director of the Staten Island FJC. “But there really isn’t much to help survivors in this area, so it was very groundbreaking for sure.”

The 44 survivors the Cornell team met with brought 105 devices to the meetings; 82 were Android or iOS, and the team scanned 75 of those with ISDi. The researchers checked all but two of the unscanned devices manually, making the total number checked manually 97.

ISDi flagged a total of 79 apps as problematic across all device scans, with 61 being dual-use apps. For all but one of those, discussions with clients confirmed that they recognized the apps and were aware of their presence, according to the report, but for one, the client had not installed the app, which was a controller for remote home surveillance systems with Wi-Fi, camera and motion-detection capabilities.

The consultations are a fundamental part of what the technologists call clinical computer security, which requires that face-to-face interaction in addition to the device scan. For that reason, Dell said, the team doesn’t think of ISDi as a technology product that should be scaled, although the tools are open source.

“A huge part of this is trying to do stuff safely,” Dell said. “If we give some client the ability to scan their phone and they find spyware and they delete it and their abuser gets mad and kills them, that’s not a good outcome.”

 “We are hopeful that the clinic model, more broadly, can be replicated in other cities and other contexts in terms of being able to have tech experts meet with clients and give them advice,” she added.

NEXT STORY: Don't be the next Capital One

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.