Based on a previous Kaspersky report, the privacy of around 32,000 smartphone users was breached by a stalkerware in 2021 and was connected to offline and online violence. After the stalkerware is installed on a victim’s device, the snooping software collects information about the person’s images, conversations, GPS location, and browsing history and sends it to the stalker.
These apps are marketed as software to protect people or track company employees but have mostly been used in abusive relationships.
In that context, Kaspersky unveiled a tool called TinyCheck. The tool detects stalkerware on any device backed by an online hub. The official website dedicated to TinyCheck points out the latest developments and then makes updates on how it can be utilized. Kaspersky developed this solution in 2019 after interacting with a women’s shelter in France, where the victims of stalkerware attacks got help and support.
TinyCheck is an untraceable tool that is easy to use while it gathers evidence on stalkers that invade a smartphone user’s privacy. Anybody can download TinyCheck which could be improved by contributions from all the users.
It is entirely undetectable since it uses an external device known as Raspberry Pi microcomputer to monitor phones instead of getting installed on it directly. That way, criminals and perpetrators do not get to know that their stalkerware is being scrutinized by Kaspersky’s tool.
Related:What You Need To Know About The Raspberry Pi 4?
The TinyCheck hub went live in June 2022 and it offers information about the tool’s applications and is designed to reach out to a team for more enhancement of the solution. Through the platform, Kaspersky actively seeks new partners to help raise awareness about the tool to effectively assist victims of stalkerware.
Notably, TinyCheck never touches a user’s communication data, such as emails and messages while interacting with online IPs and servers to which the device is connected. It has been a fundamental tool for a growing number of NGOs that protect people, especially women, from abusive relationships.
What Is TinyCheck?
By Description, TinyCheck is an open-source tool available on GitHub. It needs a higher technical skillset than just downloading and running any other app made by the Coalition Against Stalkerware’s cybersecurity vendors.
Apps like Malwarebytes for Android are directly installed on a device where they conduct malware scans to find and eliminate all suspicious and dangerous programs. On the other hand, TinyCheck runs independently from a smartphone, on computers such as a Raspberry Pi.
Fundamentally, TinyCheck is perfectly configured to work as a Wi-Fi access point. Once configured and connected to a smartphone, TinyCheck diligently scrutinizes the device’s internet traffic, effectively identifying instances where data is being transmitted to a malicious server, and providing insights regarding the timing and destination of such transmissions.
The head of external relations for Kaspersky, Kristina Shingareva, stated:
“TinyCheck was built with the idea of making it impossible to identify its use via a stalkerware app. The analysis of the checked device is only available to the individual person using TinyCheck with their own equipment. It is not shared anywhere: neither Kaspersky nor any other party will receive this data.”
Shingareva also explained that TinyCheck analyses are executed locally, and the data from these analyses, featuring whole packet capture, logs, and a PDF report, can only be sent to a USB stick that users can connect to save records, or on a computer, whenever TinyCheck is operating on a browser from a remote location.
Although it might be technical for normal users, the value is intensive. When executed correctly, TinyCheck can resolve the issue of a “stalkerware detection dilemma.”
What Is The Stalkerware Detection Dilemma?
For several years, the detection of stalkerware-type apps used a similar model: if a user suspects they have a malicious app in their phone, they download a separate, anti-malware app to look for the malicious app and get rid of it.
That strategy was practical since early stalkerware detection was the duty of individual cybersecurity vendors that were protecting computers from many other cyber threats, including ransomware, malware, and Trojans.
Although the cyberthreat detection model is effective, it assumes a lot about its users. First, assumes that the users have total control of their devices, able to download a separate program independently, and then execute the program with minimal interference.
Secondly, it assumes that the elimination of a cyberthreat is the ideal method of keeping users safe. In reality, such assumptions can be highly dangerous when dealing with stalkerware.
There is a heavy intersection between stalkerware use and domestic abuse. Domestic abusers often use such tools to invade the privacy of their partners, snooping into their emails and messages, pinpointing their GPS location, accessing their web browsing history, and secretly recording phone conversations.
Stalkerware serves as a digital method to maintain control of their partner’s life. Removing these stalkerware apps can cause more harm since it enrages them since their control is cut off. Many domestic abuse victims have inadequate device control to download and execute an anti-malware application on their phones. The abusers control their devices.
Related:Research : Americans Have One of the Biggest Number of Trackers Following Them Online
Also, some of the stalkerware-type apps can reveal a device’s recently installed apps, the notifications delivered to the device, and the device’s screen whenever it is activated, which could pinpoint a victim’s downloaded anti-malware scanner, used the scanner, and eliminated the stalkerware.
Here is the stalkerware detection dilemma: How can individuals ensure safe detection of threats when the act of detecting itself could potentially lead to further harm?
A question has dominated many conferences but Kaspersky strived to find a solution. Kaspersky researcher Félix Aimé was inspired by the opportunity and he eventually came up with the TinyCheck concept. This tool has gained new features in recent months and has seen an incredible adoption rate.
Although TinyCheck has an extensive technical bar for use, it can assist in addressing a critical gap. Shingareva believes that advocate networks and non-governmental organizations devoted to protecting domestic abuse survivors must be heavily involved in the advancement of TinyCheck. With this tool that helps fight against stalkerware threats, the future seems bright.