Amazon is still hosting airport victims data


Amazon will not say whether it is planning to take action against three phone monitoring applications that store groups of individuals’ private phone data on Amazon’s Cloud servers, although Techcrunch giant technology has notified weeks ago that they were hosting the stolen phone data.

Amazon Techcrunch told it that it was “follow -up (operation) after the February River notice, but as of the time of the publication of this article, Chaser Operations in operations, spying, and spaisi continue to download and store images from people’s phones on Amazon web services.

Planetary, spyAnd Spyzie There are three identical Android applications that share the same source code and a joint safety defect, according to a security researcher discovered, and provided details to Techcrunch. The researcher revealed that the operations revealed the phone data on 3.1 million group, many of them are victims who have no idea that their devices have been at risk. Share the researcher data with the breach notice site Have you pwned?.

As part of our investigation in the chase operations, which included the analysis of the same apps, Techcrunch found that some of the contents of the device that were hacked by Stalkerware applications are loaded on the Amazon Web Services storage servers, or AWS.

Teccrunch Amazon on February 20 by e -mail was informed that it hosts the data prepared by Cocosby and SPYIC, and again earlier this week when we also informed Amazon that it was hosting the stolen phone data that was equipped with SPYZIE.

In both email, Techcrunch included the name of each specific storage hosted by Amazon containing data taken from the victims’ phones.

In response, Amazon Ryan Walsh told Techcrunch: “AWS has clear conditions that require our customers to use our services in accordance with the laws in force. When we receive reports on possible violations of our conditions, we are quickly behaving to review and take steps to disable the banned content.” Walsh submit a link to the Amazon Web page that hosts a model To report ill -treatment, but it will not comment on the status of Amazon servers used by applications.

In an email to follow this week, Techcrunch referred to the email on February 20, which included the names of the storage hosted by Amazon.

In response, he thanked the Techcrunch for “drawing our attention to this”, and presented another link to the Malzon reporting model. When asked again if Amazon was planning to take action against the buckets, Walsh replied: “We have not yet received a report on the ill -treatment of Techcrunch via the link we previously submitted.”

Amazon Casey McGEE spokesman, who was copied on the theme of the email, claimed that it would be “inaccurate from Techcrunch to characterize the subject of this topic as (such) that” report “on any possible abuse.

Amazon Web Services, which has a commercial interest in keeping paid customers, has made a profit of $ 39.8 billion during the year 2024, for each. The company’s profits for the year 2024 fullThe majority share of the total annual income of Amazon is.

The storage buckets used by CocOSPY, Spyic, and Spyzie are still active from the time of publication.

Why this matters

Amazon Acceptable use policy It widely shows what the company allows customers to host its platform. Amazon does not seem to ignore it does not allow spyware and chaser programs to download data on the basic system. Instead, the Amazon conflict appears to be completely procedural.

It is not a journalistic mission – or any other person – for the police what is hosted on the Amazon platform, or the cloud platform for any other company.

Amazon has huge resources, financially and technologically, to use them to impose their own policies by ensuring that bad actors are not misused.

In the end, Techcrunch made a notification to Amazon, including information that directly indicates the stolen private phone data sites. Amazon made an option to not behave based on the information it received.

How we found the data of the hosted victims on Amazon

When Techcrunch learns to violate the monitoring data- There have been dozens of infiltrators and leaks in chasing in recent years – We check to learn a lot about the operations as much as possible.

Our investigations can Help in identifying the victims whose phones have been hackedBut it can also reveal identities in the real world hidden in the observation factors themselves, as well as the platforms used to facilitate monitoring or hosting stolen data for victims. Techcrunch will also analyze applications (when available) to help victims Determine how to determine and remove applications.

As part of our reports preparation process, Techcrunch will communicate with any company that we define as hosting or supporting espionage and chase programs, as well as the usual practice of correspondents who are planning to mention a company in a story. Also, it is not uncommon for companies, such as Web hosts and payment processorsTo suspend accounts or remove the data that He violates their service conditionsIt includes Previous spyware that was hosted on Amazon.

In February, Techcrunch learned that CocOSPY and SPYIC had violated and began to investigate more.

Since the data showed that the majority of the victims are Android devices, Techcrunch has begun to identify, download and install CocOSPY and Spyic applications on the virtual Android device. (The apparent device allows us to operate StalkerWare applications in a protected sand box without giving any of the real world applications, such as our site.) Each of the Coxopathies and spying seemed to be identical applications that are not identical and not described as “system service” that tries to evade by mixing with compact Android applications.

We used the network traffic analysis tool to check data that flows inside and outside the applications, which can help understand how each application works and determines the phone that is downloaded back from our test device.

Web traffic has shown that two Stalkerware apps were downloading some victims’ data, such as pictures, to the storage of the name that is hosted on Amazon Web Services.

A screenshot of the browser window that displays an host image on AWS, which reads: "This is evidence that Cocospy still hosts the data of the loaded victims on the Amazon S3 cloud, which was hosted in Cocospymedia.s3.us-West-1.AMAZONAWS.com This image was downloaded via the Corellium phone deepening with CocOSPY."
A picture shot of a picture, hosted on Amazon Web Services, which was downloaded via the virtual Android device is deliberately at risk with Cocospy Stalker tools while investigating Techcrunch. Image credits:Techcrunch

We have confirmed this more by logging into user and Spyic user information boards, which allow people who plant StalkerWare applications to display stolen data. Web information plates allowed us to access the contents of the virtual Android photo gallery once we are deliberately weakened by our apparent device with Stalkerware applications.

When we opened the contents of our device’s photo gallery from the web information panel for each application, the photos were uploaded from the web addresses that contain their graffiti names on amazonaws.com The field, which is run by Amazon Web Services.

After later news about Spyzie data breachTECHRUNCH also analyzed the SPYZIE Android app using the network analysis tool and found that traffic data is identical to CocOSPY and Spyic. The SPYZIE app was similarly to download the victims’ device data to a bucket of storing the same name on Amazon’s Cloud, which was alerted Amazon to 10 March.

If you or anyone you know need help, then the hotline of national violence (1-800-799-7233) provides free support around the clock throughout the week for victims of home abuse and violence. If you are in an emergency, call 911. The alliance against the tools of the chaser It has resources if you think your phone may be at risk with spyware.

Leave a Reply

Your email address will not be published. Required fields are marked *