Amazon will not say if it plans to take action against three telephone applications that store the TROVES of the private data of people on Amazon’s Cloud servers, despite the fact that TechCrunch alerts technological giant weeks earlier that it hosts stolen telephone data.
Amazon told TechCrunch that “followed [its] Procedure “Following the announcement of February, but since the publication of this article, Stalkerware Cocospy, Spyic and Spyzie have continued to upload and store photos that have been isolated from people’s phones to Amazon Web services.
Cocospy, Spyic and Spyzie are almost three identical Android applications that share the same source code and a common security error, according to a security researcher who discovered it and provided details to TechCrunch. The researcher revealed that the functions exposed the phone data to a collective 3.1 million people, many of whom are victims without the idea that their devices have been violated. The researcher shared the data with the breach alert website I have passed.
As part of our Stalkerware research, which included the analysis of the applications themselves, TechCrunch found that some of the contents of a device undermined by Stalkerware applications are downloaded to storage servers managed by Amazon Web or AWS services.
TechCrunch informed Amazon on February 20 by emailing that it hosts the data evolved by Cocospy and Spyic again earlier this week, when we alerted Amazon, also hosted stolen phone data outraged by Spyzie.
In both emails, TechCrunch included the name of each particular “bucket” hosted by Amazon, which contains data obtained from victims’ phones.
In response, Amazon’s spokesman Ryan Walsh told TechCrunch: “AWS has clear terms that require our customers to use our services in accordance with applicable laws. When we receive reports of possible violations of our terms, we act quickly to review and take measures to disable.” A link to an Amazon website that hosts an abuse reference form, but will not comment on the status of Amazon servers used by applications.
In a tracking email this week, TechCrunch refers to the previous email on February 20 which included the storage bucket names hosted by Amazon.
In response, Walsh thanked TechCrunch for “bringing this to our attention”, and provided another Amazon reporting link. When asked again if Amazon plans to take action against the buckets, Walsh replied: “We have not yet received a report by TechCrunch through the link we provide earlier.”
Amazon Casey McGee spokesman, who was copied to the e -mail thread, claimed to be “TechCrunch’s inaccurate to characterize the essence of this thread as a [sic] constituting a “report” of any possible abuse “.
Amazon Web Services, which has a commercial interest in maintaining payment customers, earned $ 39.8 billion in profits during 2024, per The profits of the company 2024 of the whole yearwhich represents a majority share in Amazon’s total annual income.
The storage bins used by Cocospy, Spyic and Spyzie are still active since the publication.
Because it matters
His own Amazon Accepted It generally explains what the company allows to accommodate customers on its platform. Amazon does not seem to dispute that it excludes Spyware and Stalkerware to upload data to its platform. Instead, the difference of Amazon seems to be entirely procedural.
It is not the job of a journalist – or anyone else – to police what is hosted on the Amazon platform or the cloud platform of any other company.
Amazon has huge resources, both economically and technologically, to use it to impose its own policies, ensuring that bad bodies do not abuse its service.
In the end, TechCrunch alerted Amazon, including information that immediately shows the sites of private data theft. Amazon made a choice not to act for the information it received.
How did we find the victims’ data hosted on Amazon
When TechCrunch learns of data-related data violation-have been in the last few years-we have been in the last few years-we are studying to learn the work as much as possible.
Our research can help identify victims whose phones have been tired, but they can also reveal the often hidden identity of the surveillance operators themselves, as well as the platforms used to facilitate surveillance or accommodate the stolen data. TechCrunch will also analyze applications (where applications) to help victims determine how applications are detected and removed.
As part of our reporting process, TechCrunch will approach any company we recognize as hosting or supporting Spyware and Stalkerware, such as the usual practice for journalists planning to report a company in a story. It is also not uncommon for companies, such as web hosts and payment processors, suspension of accounts or the abolition of data that violate their own terms of service, including previous Spyware features hosted in Amazon.
In February, TechCrunch learned that Cocospy and Spyic had been violated and we started exploring further.
Since the data showed that the majority of victims were owners of Android device, TechCrunch started recognizing, receiving and installing Cocospy and Spyic applications on a virtual Android device. (A virtual device allows us to run Stalkerware applications in a protected sandbox without either applying in real world, such as our location.) Both Cocospy and Spyic have appeared as identical applications and non -described applications called “System Service” trying to avoid detecting with the mixed applications with the applications. Android.
We have used a network release tool to inspect the data flowing in and out of applications, which can help understand the way in which each application works and determine which telephone data is secretly downloaded from our test device.
Internet traffic has shown that the two Stalkerware applications have been downloaded victims, such as photos, to their nominal storage buckets hosted on Amazon Web Services.
We have confirmed this further by connecting the Cocospy and Spyic control panels, which allow people who plant stalkerware to see the stolen target data. The web control panels allowed us to access the contents of the Android Virtual Photo Collection, when we were deliberately at stake we have at stake in our virtual device with Stalkerware applications.
When we opened the contents of the photo collection of our device from the control panel of each application, the images loaded by web addresses containing the corresponding bucket names hosted in the amazonaws.com Sector, run by Amazon Web services.
Following a news about Spyzie’s data violation, TechCrunch also analyzed Spyzie’s Android app using a network analysis tool and found that the traffic data is identical to Cocospy and Spyic. The Spyzie app also uploaded the data of victims’ devices with its own storage cable to the Amazon cloud, which we alerted Amazon on March 10.
If you or someone you know needs help, the national telephone line for approved violence (1-800-799-7233) provides free 24/7 confidential support to victims of home abuse and violence. If you are in an emergency mode, call 911. Coalition against Stalkerware It has resources if you think your phone has been violated by Spyware.
