A survivor-centric, trauma-informed approach to stalkerware
Lodrina Cherne & Martijn Grooten
https://bit.ly/blackhatstalkerware
#BHUSA @BlackHatEvents
About us
Lodrina Cherne, @hexplates, she/her
Martijn Grooten, @martijn_grooten, he/they
Resources: https://bit.ly/blackhatstalkerware
Content warning: this presentation will discuss intimate partner violence and gender-based violence.
National Domestic Violence Hotline: 1-800-799-7233 or www.thehotline.org, or similar hotlines around the world.
Agenda
- Intimate Partner Violence and Gender-Based Violence
- Tech Abuse
- Stalkerware: how does it work? how to support someone? what can we all do?
Intimate Partner Violence / Gender-Based Violence
Intimate Partner Violence (IPV) (also: domestic abuse, domestic violence)
- CDC: 1 in 3 women and 1 in 7 men experience physical violence at the hands of an intimate partner
- Gender-Based Violence is any violence rooted in exploiting unequal power relationships
Common misconceptions about IPV
- Doesn't always involve physical violence
- Not all survivors are women, not all abusers are men
- "Why can't she just leave?"
Tech abuse
Tech abuse
Tech abuse is the use of technology to facilitate IPV.
"99.3% of domestic violence practitioners have clients experiencing technology-facilitated abuse" (WESNET, Australia)
Examples of tech abuse
- Remotely-controllable IoT devices
- AirTag/Tile and other "Find my" tools
- Shared social media and/or email password
- Regular device access
Most tech is not built with the IPV threat model in mind!
Tech abuse resources
- CETA (Clinic to End Tech Abuse, Cornell University)
- NNEDV's Tech Safety website
- WESNET's Tech Safety website
- Refuge UK's Tech Safety website
Stalkerware: how does it work?
Stalkerware: Tech-Abuse-as-a-Service
Stalkerware is "software, made available directly to individuals, that enables a remote user to monitor the activities on another user's device without that user's consent and without explicit, persistent notification to that user in a manner that may facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence" (Coalition Against Stalkerware)
- excludes government/criminal spyware
- one-time consent is not enough!
Stalkerware 101
- Installed through physical access to an unlocked device
- Requires no technical skills or cybercrime connections
- Affordable (~US$25/month)
- Technically not very advanced
- Hidden on the device
- Can monitor a lot of activity (phone, browser, messages, location, etc.)
Stalkerware on Android
- Stalkerware is most common on Android
- Built-in security protections are disabled during installation
- Occasionally rooted for advanced functionality
- Antivirus probably detects it
Stalkerware on iOS
- Requires a jailbreak, so only possible on older and/or unpatched devices
- Non-jailbreak "stalkerware" possibilities: iCloud sync, iTunes sync, custom keyboard with built-in keylogger
- Useful tools: Certo, iVerify
Stalkerware on desktop
- Exists, but less common
- Device sharing is more common for desktops and laptops
- RATs have been used for IPV
Stalkerware: how to support someone?
Not a technical problem
- Removing stalkerware isn't always safe or desirable
- Understand a survivor's threat model
- Common prevention measures often aren't feasible
Don't just focus on stalkerware
- The first rule of stalkerware is that it probably isn't stalkerware
- Consider other kinds of tech abuse (or non-tech abuse!) as possible causes of surveillance
- CETA resources and checklists can be very helpful!
Understand trauma
Survivors are often traumatized. This could lead to hyper-vigilance and having concerns that you believe aren't well-founded. This isn't about you. And it's okay for you to ask for help too!
Take survivors seriously and empower them.
Stalkerware: what can we all do?
Consider the IPV threat model during product design
Resources:
- Privacy Threats in Intimate Relationships (Karen Levy & Bruce Schneier)
- Five Technology Design Principles to Combat Domestic Abuse (IBM)
- The Inclusive Safety Project website
Build connections with IPV advocacy groups
You can learn from them. And maybe you can help them too!
Conclusion
- Stalkerware is a part of tech abuse, which is a part of IPV
- Stalkerware is powerful, affordable and available
- It is a very real problem, but don't ignore other kinds of tech abuse
- Understand traumatized survivors. Understand this is not a tech problem
- Consider the IPV threat in product design. Build connections!
Thank you!
Eva Galperin, Tara Hairston, NNEDV, WESNET, CETA, Certo Software and all those other people who work together to combat stalkerware, tech abuse and intimate partner violence. And thank you for listening and caring!
Resources: https://bit.ly/blackhatstalkerware