Amazon is still hosting stalkerware victims’ data weeks after breach alert

Amazon will not say whether it plans to take action against three phone surveillance apps that store individuals’ private phone data on Amazon’s cloud servers, even though TechCrunch notified the tech giant weeks earlier that it was hosting the stolen phone data.

Amazon told TechCrunch that it was “following [its] process” after our notice in February, but at the time of this article’s publication, the stalkerware operations Cocospy, Spyic and Spyzie continue to upload and store photos from people’s phones on Amazon.

Cocospy, Spyic and Spyzie are three almost identical Android apps that share the same source code and a common security bug, according to a security researcher who discovered it and provided details to TechCrunch. The researcher revealed that the operations exposed the phone data of a collective 3.1 million people, many of whom are victims with no idea that their devices were compromised. The researcher shared the data with the breach notification site Have I Been Pwned.

As part of our investigation into the stalkerware operations, which included analyzing the apps themselves, TechCrunch found that some of the contents of a device compromised by the stalkerware apps were being uploaded to storage servers run by Amazon Web Services, or AWS.

TechCrunch notified Amazon by email on February 20 that it was hosting data exfiltrated by Cocospy and Spyic, and again earlier this week, when we notified Amazon that it was also hosting stolen phone data exfiltrated by Spyzie.

In both emails, TechCrunch included the name of each specific Amazon-hosted storage “bucket” that contains data taken from the victims’ phones.

In response, Amazon spokesman Ryan Walsh told TechCrunch: “AWS has clear terms under which our customers have to use our services in accordance with applicable laws. When we receive reports of possible violations of our terms, we act quickly to review and take measures to disable prohibited content.” Walsh provided a link to an Amazon webpage hosting an abuse reporting form, but would not comment on the status of the Amazon servers used by the apps.

In a follow-up email this week, TechCrunch referenced the earlier February 20 email, which included the names of the Amazon-hosted storage buckets.

In response, Walsh thanked TechCrunch for bringing this to the company’s attention and provided another link to Amazon’s abuse reporting form. When asked whether Amazon plans to take action against the buckets, Walsh replied: “We have not yet received an abuse report from TechCrunch via the previously given link.”

Amazon spokesman Casey McGee, who was copied on the email thread [sic] make a “report” of potential abuse.”

Amazon Web Services, which has a commercial interest in retaining paying customers, made a profit of 39.8 billion US dollars in 2024, according to the company’s full-year 2024 results, representing a majority share of Amazon’s annual income.

The storage buckets used by Cocospy, Spyic and Spyzie are still active at the time of publication.

Why this matters

Amazon’s own acceptable use policy broadly spells out what the company allows customers to host on its platform. Amazon does not appear to dispute that it does not allow spyware and stalkerware operations to upload data to its platform. Instead, Amazon’s dispute appears to be entirely procedural.

It is not the job of a journalist, or anyone else, to police what is hosted on Amazon’s platform or on the cloud platform of any other company.

Amazon has vast resources, both financial and technological, to enforce its own policies by ensuring that bad actors do not abuse its service.

Ultimately, TechCrunch notified Amazon, including with information that points to the locations of the stolen private phone data. Amazon chose not to act on the information it received.

How we found victims’ data hosted on Amazon

When TechCrunch learns of a surveillance-related data breach (there have been dozens of stalkerware hacks and leaks in recent years), we investigate to learn as much about the operations as possible.

Our investigations can help identify victims whose phones were hacked, but can also uncover the often hidden real identities of the surveillance operators themselves, as well as which platforms are used to facilitate the surveillance or host the victims’ stolen data. TechCrunch will also analyze the apps (where available) to help victims determine how to identify and remove them.

As part of our reporting process, TechCrunch reaches out to any company that we identify as hosting or supporting spyware and stalkerware operations, as is standard practice for reporters who plan to mention a company in a story. It is also not unusual for companies, such as web hosts and payment processors, to suspend accounts or remove data that violate their own terms of service, including earlier spyware operations hosted on Amazon.

In February, TechCrunch learned that Cocospy and Spyic had been breached, and we set out to investigate for ourselves.

Since the data showed that the majority of the victims were Android device owners, TechCrunch began by identifying, downloading and installing the Cocospy and Spyic apps on a virtual Android device. (A virtual device allows us to run the stalkerware apps in a protected sandbox without giving either app any real-world data, such as our location.) Both Cocospy and Spyic appeared as identical-looking and inconspicuous apps named “System Service” that try to evade detection by blending in with Android’s built-in apps.

We used a network traffic analysis tool to inspect the data flowing in and out of the apps, to understand how each app works and to determine what phone data was being secretly uploaded from our test device.

The web traffic showed that the two stalkerware apps were uploading some victim data, such as photos, to storage hosted on Amazon Web Services.

[Image: a screenshot of a browser window displaying an image hosted on AWS that reads: “This is proof that Cocospy is still uploading victim data in Amazon’s S3 cloud, which is hosted at Cocospymedia.” Image credits: TechCrunch]

We confirmed this further by logging in to the Cocospy and Spyic user dashboards, which allow the people who plant the stalkerware apps to view the target’s stolen data. The web dashboards allowed us to access the contents of our virtual Android device’s photo gallery once we had deliberately compromised our virtual device with the stalkerware apps.

When we opened the contents of our device’s photo gallery from each app’s web dashboard, the images loaded from web addresses containing their respective bucket names, hosted on the amazonaws.com domain, which is run by Amazon Web Services.

Following later news of Spyzie’s data breach, TechCrunch also analyzed Spyzie’s Android app using a network analysis tool and found its traffic data to be identical to that of Cocospy and Spyic. Similarly, the Spyzie app was uploading victims’ device data to its own namesake storage bucket on Amazon’s cloud, which we alerted Amazon to on March 10.
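As an added illustration (not TechCrunch's tooling and not code from the article), the following Python example shows how storage bucket names can be read out of the web addresses recorded in a traffic capture of a test device, which is the detail an abuse report to a cloud provider needs. The capture entries, bucket names and function names are constructed for this example, and only the common virtual-hosted and path-style S3 address forms are handled.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Matches s3.amazonaws.com, s3.<region>.amazonaws.com and s3-<region>.amazonaws.com,
# optionally prefixed by "<bucket>." (virtual-hosted style).
_S3_HOST = re.compile(
    r"^(?:(?P<bucket>.+)\.)?s3(?:[.-](?P<region>[a-z]{2}(?:-[a-z]+)+-\d))?"
    r"\.amazonaws\.com$"
)

def s3_bucket_from_url(url):
    """Return (bucket, region) for an S3 URL, or None if it is not one.

    region is None when the host does not name one.
    """
    parts = urlsplit(url)
    match = _S3_HOST.match(parts.hostname or "")
    if not match:
        return None
    bucket = match.group("bucket")
    if bucket is None:
        # Path-style address: the bucket is the first path segment.
        segments = [s for s in parts.path.split("/") if s]
        if not segments:
            return None
        bucket = segments[0]
    return bucket, match.group("region")

def buckets_in_capture(capture):
    """Count requests per (bucket, region) in a list of (method, url) pairs."""
    hits = Counter()
    for _method, url in capture:
        found = s3_bucket_from_url(url)
        if found:
            hits[found] += 1
    return hits

# Constructed sample capture from a sandboxed test device (placeholder names).
CAPTURE = [
    ("POST", "https://api.tracker.example/v1/device/checkin"),
    ("PUT", "https://example-app-media.s3.amazonaws.com/photos/0001.jpg"),
    ("PUT", "https://example-app-media.s3.amazonaws.com/photos/0002.jpg"),
    ("GET", "https://s3.eu-west-1.amazonaws.com/example-dash-assets/thumb/0001.jpg"),
    ("GET", "https://example.backups.s3-us-west-2.amazonaws.com/db.tar"),
    ("GET", "https://ec2.us-east-1.amazonaws.com/"),
]

if __name__ == "__main__":
    for (bucket, region), count in buckets_in_capture(CAPTURE).items():
        print(f"{bucket}\t{region or 'region not in host'}\t{count} request(s)")
```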


If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides free, confidential support around the clock to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware has resources if you believe that your phone has been compromised by spyware.
