So-called "spouseware" (or "stalkerware"), is a million-dollar market that is actively used by abusers to monitor, control, and blackmail vulnerable people. Unscrupulous companies advertise their software as parental monitoring solutions to operate within the law and avoid prosecution.
During this talk, we will give you some insight into this industry, and demonstrate that a lot of these platforms suffer from pretty basic issues that can result in unauthorised access to all monitored devices, and leakage of sensitive data of both the victims and the perpetrators.

What would you do if you knew you could monitor devices that where actively being stalked? Would you commit a crime and listen to them too or would you report the vulnerabilities to the vendor? The same vendor who is actively helping bad actors snoop into other people's devices. The ethical dilemma and the best approach to this situation is way more complex than finding the vulnerabilities of those platforms!

Nowadays most of our digital lives are tightly connected to our mobile phones. Anyone having control over these devices could have complete access of somebody's digital life and be able to track their location in real time.

In this talk, we will show how white labelled vulnerable APIs are used on several platforms and enable multiple abusers to use them to monitor vulnerable people.