The maker of a phone app that is advertised as providing a stealthy means for monitoring all activities on an Android device spilled email addresses, plain-text passwords, and other sensitive data belonging to 62,000 users, a researcher discovered recently.
一名研究人员最近发现,该手机应用程序的制造商是提供一种隐秘的手段,用于监视Android设备上的所有活动溢出的电子邮件地址,普通文本密码以及其他属于62,000个用户的敏感数据。
A security flaw in the app, branded Catwatchful, allowed researcher Eric Daigle to download a trove of sensitive data, which belonged to account holders who used the covert app to monitor phones. The leak, made possible by a SQL injection vulnerability, allowed anyone who exploited it to access the accounts and all data stored in them.
该应用程序中的安全漏洞(品牌catwatchful)允许研究人员埃里克·戴格(Eric Daigle)下载一系列敏感数据,这些数据属于使用Covert应用程序监视电话的帐户持有人。SQL注入漏洞使该泄漏成为可能,允许任何利用其漏洞的人访问帐户和所有存储的数据。
Unstoppable
不可阻挡
Catwatchful creators emphasize the app's stealth and security. While the promoters claim the app is legal and intended for parents monitoring their children's online activities, the emphasis on stealth has raised concerns that it's being aimed at people with other agendas.
Catwatchful Creators强调了应用程序的隐身和安全性。尽管发起人声称该应用程序是合法的,并且旨在用于监督子女在线活动的父母,但对隐身的强调引起了人们对它针对其他议程的人的担忧。
"Catwatchful is invisible," a page promoting the app says."It cannot be detected. It cannot be uninstalled. It cannot be stopped. It cannot be closed. Only you can access the information it collects."
宣传该应用程序的页面说:“ catwatchful是看不见的。”“无法检测到它。它不能卸载。它不能停止。它不能关闭。只有您可以访问其收集的信息。”
The promoters go on to say users"can monitor a phone without [owners] knowing with mobile phone monitoring software. The app is invisible and undetectable on the phone. It works in a hidden and stealth mode."
发起人继续说,用户“可以在没有[所有者]使用手机监视软件的情况下监视手机。该应用在手机上是看不见且无法检测到的。它在隐藏和隐形模式下起作用。”
