Millions of mSpy Spyware App Customers Exposed via Third-Party Zendesk Chat Support
Published on July 12, 2024
A surprising report came out from a software engineer named Robert Heaton, claiming that Wacom tablet drivers are phoning back home, sending details about what we’re doing on our computers. The man randomly decided to just read the privacy policy during new driver installation, because he wondered why a drawing tablet would need to have a privacy policy in the first place. In there, he found mentions about the automatic collection of information that relates to what the user does on the computer and the processing of this data outside the local jurisdiction of the user.
So, based on what he read, the engineer decided to test what data the driver was sending back to their servers for “processing”. He set up a data exfiltration snooper to monitor the traffic and analyzed it on Wireshark. What he found was that the communication between Wacom and its server was encrypted (TLS/HTTPS), so he had to change the pointing of the program to his proxy server by using a trusty certificate, and also to send everything through Burp Suite. Having done all that, he fired up the Wacom driver again and the stream started flowing in his Burp Suite.
The driver had recorded and was sending information about when it was activated and shut down, when the user opened a new application, what the application's name is, and everything was accompanied by a unique identification string too. A possible explanation for this is that the company wants to figure out what other software products are being used alongside their tablets, but this still doesn’t justify the practice. Aggregating data about what apps we’re using on our personal computers is still a breach of privacy, and the company should warn the users more openly and more clearly about it.
Heaton has figured that there’s a remote kill switch for this data siphoning process, and it’s an XML file on Wacom’s servers. When this is not present, nothing obnoxious happens. However, most of the time, this file is there and the data collection is taking place. If you want to disable the driver from aggregating and sending your data, you may do so locally by opening the “Wacom Desktop Center”, clicking on “more options”, locating the “Wacom Experience Program” and unsubscribing from it. Note that when you update your driver, this setting is going back to “active” by default, so you’ll have to manually set it back to “switched off” every time you update the Wacom driver.