Aug 31 2012

‘Win 8 Security System’ Another Fake-Antivirus Malware

We discovered another fake antivirus/antimalware tool late in August. The “Windows 8 Security system” claims to detect infections, and displays alerts to scare users into purchasing protection. The real infection, of course, is the Win 8 Security System itself. It’s no surprise that developers of rogue antivirus software are playing up the connection to Windows 8, which Microsoft plans to release at the end of October.

Win 8 Security System is quite similar to fake AV product Windows Ultra-Antivirus and is extremely aggressive and hard to remove. A victim’s system gets infected with Win 8 Security System after visiting an infected website. Recent exploits teach us it is easy to fall victim to rogue software like Win 8 Security System, which extort money from PC owners to “fix” their systems. McAfee Labs recommends disabling Java in your browsers and running your antimalware software with real-time protection enabled. You should also be careful with downloading files from torrents or clicking on email and chat links.

Win 8 Security System will display lots of fake alerts and messages and will show a scan window on each system boot. It will display lots of detections, though it is obvious these are fake.

Win 8 Security System alerts at the Task Bar look like this:

Even though the rogue malware will make sure that your system is compromised–so that you cannot detect and remove the infection–you should be careful of all fake security alerts and fake computer scanner reports.

It is not easy to remove Win 8 Security System. To protect its files, it comes with a rootkit, which is present in: %System%\drivers\[random2].sys, with “random2″ the filename of the rootkit, for example, %System%\drivers\142da10e6b8dcd07.sys.


The malware creates the following registry elements:

  • HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
  • HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1
  • HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000
  • HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\Control
  • HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A
  • HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000
  • HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\Control
  • HKLM\SYSTEM\ControlSet001\Services\fec477ed59233a7a
  • HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1
  • HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000
  • HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\Control
  • HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A
  • HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000
  • HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\Control
  • HKLM\SYSTEM\CurrentControlSet\Services\fec477ed59233a7a
  • HKLM\SYSTEM\ControlSet002\Services\Abiosdsk\Tag: 0×00000003
  • HKLM\SYSTEM\ControlSet002\Services\Abiosdsk\Type: 0×00000001
  • HKLM\SYSTEM\ControlSet002\Control\CurrentUser: “USERNAME”
  • HKLM\SYSTEM\ControlSet002\Control\WaitToKillServiceTimeout: “20000″
  • HKLM\SYSTEM\ControlSet002\Services\NtmsSvc\Parameters\ServiceDll: “%SystemRoot%\system32\ntmssvc.dll”
  • HKLM\SYSTEM\ControlSet002\Services\NtmsSvc\Parameters\ShutdownTimeout: 0×0000753

Values added
HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name: “ec86da9ac566d59f.exe”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\Control\*NewlyCreated*: 0×00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\Control\ActiveService: “a7042b1″
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\Service: “a7042b1″
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\Legacy: 0×00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\ConfigFlags: 0×00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\Class: “LegacyDriver”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1000\DeviceDesc: “ec86da9ac566d59f.exe”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_A7042B1\NextInstance: 0×00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\Control\*NewlyCreated*: 0×00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\Control\ActiveService: “fec477ed59233a7a”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\Service: “fec477ed59233a7a”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\Legacy: 0×00000001
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\ConfigFlags: 0×00000000
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\Class: “LegacyDriver”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A000\DeviceDesc: “ec86da9ac566d59f.exe”
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_FEC477ED59233A7A\NextInstance: 0×00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\Control\*NewlyCreated*: 0×00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\Control\ActiveService: “a7042b1″
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\Service: “a7042b1″
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\Legacy: 0×00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\ConfigFlags: 0×00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\Class: “LegacyDriver”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1000\DeviceDesc: “ec86da9ac566d59f.exe”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A7042B1\NextInstance: 0×00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\Control\*NewlyCreated*: 0×00000000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\Control\ActiveService: “fec477ed59233a7a”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\Service: “fec477ed59233a7a”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\Legacy: 0×00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\ConfigFlags: 0×00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\Class: “LegacyDriver”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\ClassGUID: “{8ECC055D-047F-11D1-A537-0000F8753ED1}”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A000\DeviceDesc: “ec86da9ac566d59f.exe”
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FEC477ED59233A7A\NextInstance: 0×00000001
Files added
C:\Documents and Settings\XXXXX\Desktop\Buy Win 8 Security System.lnk
C:\Documents and Settings\XXXXX\Desktop\Copy of 495140948.exe
C:\Documents and Settings\XXXXX\Local Settings\Application Data\ec86da9ac566d59f.exe
C:\Documents and Settings\XXXXX\Start Menu\Programs\Win 8 Security System\Buy Win 8 Security System.lnk
C:\Documents and Settings\XXXXX\Start Menu\Programs\Win 8 Security System\Launch Win 8 Security System.lnk
Folders added
C:\Documents and Settings\XXXXX\Start Menu\Programs\Win 8 Security System


Although it is possible to manually remove Win 8 Security System, you can permanently damage your system if you make any mistakes in the process; advanced spyware parasites can often automatically repair themselves if they are not completely removed. Thus, we recommend manual spyware removal only for experienced users, such as IT specialists or highly qualified system administrators. For other users, we recommend your desktop security software. McAfee identifies and deletes this infection as “Win 8 Security System.”

The Win 8 Security System is typical rogue, or fake, antivirus software. After infecting a user’s system, this malware scares its victim into buying the “product” by displaying fake security messages, stating that the computer is infected with spyware or other malware and only this product can remove it after you download the trial version. As soon as the victim downloads Win 8 Security System, it pretends to scan your computer and shows a grossly exaggerated amount of nonexistent threats. Then, Win 8 Security System recommends the victim buy the full version to fix these false errors. If the user agrees, Win 8 Security System not only “fixes” the errors, but it also takes the user’s money and may even install additional spyware onto the victim’s computer.

Thanks to my colleague Niranjan Jayanand for the sample.

Aug 31 2012

Sucuri Security: How Not to Astroturf

A couple of months ago we wrote a post about someone who came to us after several tools had claimed their website was infected with malware. We found that not only were those tools wrong, but that the false positives highlighted major flaws in these tools. One of them was Sucuri SiteCheck, which we found was not bothering to actual scan a file labeled as malicious before falsely labeling the website as being infected. Since then there was an obvious attempt to get people to comment on the post, not on the substance of the post but with praise for Sucuri. We are happy to receive comments that further the discussion of a post, especially if they disagree with us. We are not interested in our blog being filled with off-topic comments and won’t approve them and you won’t see them. One of the comments we received during this was unlike any of the others, it was a long bizarre rant that had all the hallmarks of an attempted astroturfing by a Sucuri employee. It was later confirmed that this was an astroturfing attempt by Sucuri when the COO of Sucuri visited our website and contacted us using the same computer two weeks later. In our reply to them we mentioned the astroturfing, which they didn’t deny. We don’t know if this is a one-off attempt or if this is a common thing for Sucuri, but you should be on the lookout if you are reading something about them. You also have to wonder what other unethical actions Sucuri might also find acceptance to do.

The comment, which can be found in full at the bottom of the post, is a good lesson on what not to do if you are going to attempt to astroturf. To start with the name you use shouldn’t be something that seems so obviously contrived like the name used in this instance, Intriqued Citizen. Then you would probably want to keep your comment short and to the point. Instead the comment was nearly three times longer than the section on Sucuri in the post itself. Would anyone spend that much time with something that they were not deeply involved in? Their comment also seemed quite obsessed with us competing with Sucuri, which doesn’t fit with what we were discussing in the post (nor does it fit with what we actually do). You also don’t want to use a computer that can be determined is from your organization. Most importantly, making a bizarre rant isn’t going to be the way to help you to win over people to your point of view, which is the point of astroturfing.

We are not going to put you through the misery of us analyzing the whole thing, but there were several things that stood out for us and are worth highlighting.

A good of example of the bizarre nature of the whole thing comes in their response to us stating the basic fact that JavaScript files should be scanned for malware when scanning a web page for malware:

And this is based on what? Your extensive experience building malware scanners? Or wait, is it design? Oh no, maybe its Drupal? Oh, no, it must be publicly attacking every company that you disagree with. At least that what someone gets from reading your other nonsense posts.

In the middle of not addressing at all the substance of what they are commenting on is a mention of Drupal, which comes completely out of left field. The blog post makes no mention of Drupal and the website discussed in the post was running WordPress (which can be surmised due to the first part of the post discussing a WordPress plugin). The rest of their comment doesn’t make any mention of Drupal either. We do run Drupal on parts of our website and provide services for Drupal (as we do for a variety of software), so maybe this is some sort of weird anti-Drupal bias? You might expect something like that from a kid, not from a self proclaimed C-level executive.

Another section claims that we use their service:

Why don’t you post all your other findings of when you used it to clean your own clients sites. Come on, don’t lie, you know you use it.

We have never used Sucuri to clean up a hacked website, as we actually do our own work. We have seen the shoddy work they do, so it would also be unethical for us to have ever outsourced the work to them. On a fairly regular basis we have people come to us to clean up a website that Sucuri had previously been hired to clean up, but had been reinfected after their initial cleanup (and in some instances after they did multiple cleanups). There are certainly reasons for that which would not be Sucuri’s fault, but in all of the instances we have dealt with basic parts of a proper cleanup had not been done by Sucuri. This included not doing the most important, but also the most time consuming and difficult, part of a cleanup. We don’t know if this is due to them offering to cleanup websites without knowing how to properly clean them up or if they are choosing to cut corners (they could probably get away with that in many instances), but would you really want to deal with a company that does either one? This is something we will expand on in a follow up post, as Sucuri certainly isn’t alone in not properly cleaning up hacked websites.

Full Comment From Intriqued Citizen (aka Sucuri’s COO):

Wow, so you have obviously put in a lot of effort to get this word out to every one you can as I am seeing this on a number of search engines and Facebook. Either you love them, you are genuinely trying to get the word out, or you’re simply trying to tarnish their reputation by putting out a post that really says nothing. Which is it?

So let’s look at your post:

What appears to have happened is that Sucuri automatically flagged the code based on their signature without actually scanning the JavaScript file for malicious code, which, if their scanner was reliable, would have determined that it was not malicious.

Is this in fact what happened? Did you contact them? Did you ask the question or are you simply talking out of your rear? Did you try to understand how it works or simply look to benefit off their name?

Interesting comment here:

That should be a basic part of scanning the page for malware even if it wasn’t in that odd location or part of a signature.

And this is based on what? Your extensive experience building malware scanners? Or wait, is it design? Oh no, maybe its Drupal? Oh, no, it must be publicly attacking every company that you disagree with. At least that what someone gets from reading your other nonsense posts.

Then there is this:

When you don’t actually scan things for malware before falsely identifying them as malware, you really shouldn’t be calling what you do website malware scanning.

So instead, your recommendation is that they sign up with you? So it appears you’re a competitor or at least trying to play with the big dogs, no? Why would I choose to go with you over Sucuri has a stellar reputation and you have a… umm.. who are you again? Oh that’s right, the guy that bashes everyone and spends money on … umm.. ???

Oh, here is a juicy one:

The more troubling aspect of this for their customers is the fact Sucuri’s idea of protecting websites is detecting that they already have been hacked and then cleaning them up.

Really? That’s their idea? Odd, didn’t see that. Where did you see this? Or, again, are you talking out of your rear?

holy run on sentence batman:

Putting aside the fact for the moment that properly secured websites are highly unlikely to be hacked and that allowing websites to be hacked has consequences even after they are clean again, with a scanner this poor it is unlikely that it will actually do a good job of detecting when website are infected.

So, I’m confused, this sounds like opinion based around what? Your test of one site? Honest question, you think that’s a good objective test from a competitor? Why don’t you post all your other findings of when you used it to clean your own clients sites. Come on, don’t lie, you know you use it.

Alright, let’s look at all your even more ridiculous comments:

Your response to Buck:

At that point it isn’t even actually a malware scanner.

And this is again based on what? Your one test? Not very trustworthy assessment in my opinion, but what do I know.

There is a big difference between perfection and not bothering to actually scan for malware with something claiming to be a malware scanner.

Another empty statement with no facts.

We actually know about security. Not the kind the kind that involves throwing around catchy phrases like “defense in depth” and “security is a process, not a state”, but the kind that deals with the real world.

You do? Based on what? Your ability to detect software is out of date? Good job there turbo.

If people do the things in the article that we linked to at the beginning of the post, then that will prevent the kinds of hacks that are actually causing the average website to be hacked.

Are you serious? The crap in this post: You mean the same shit every other security company offers? Oh my you said sanitize all inputs to avoid SQL injections.. you rockstar you.. again, where was the real value in this post? I get more from reading then I do from that post. But maybe I missed the sheer genius that was going to keep me safe in all that high-level non sense.

(There is more that security community can do to improve security beyond that, but unfortunately many of them are instead focused on pushing products and services that don’t fix the real problems.)

Oh, like this post and every other one that references your services section? Like that you mean?

The solution to this isn’t for people to spend money on an unreliable malware scanner or even a malware scanner that works perfectly. At best a malware scanner would tell you that the website is infected after it already has been infected.

Got it, so if I understand correctly, what you’re saying is, you don’t need a car alarm or a house alarm. As long as you don’t forget to lock the doors, get a blot lock, use a bolt lock on your steering wheel? Is that about right? Just want to make sure I understand this statement.

At that point you need to clean up the infection and secure the website to make sure the infection doesn’t reoccur. We think it is better to secure the website before it can be infected.

Oh but wait, based on what you said, there is no need to clean them up. They should be hardened to prevent this, so suck it up. No?

Your responses to Shaza:

The rest of your comment actually shows that Sucuri is reactionary and not preventative. They only fixed the TimThumb vulnerability on your websiteafter you were hacked.

Awkward, sounds like they only signed up after they were infected. If that’s the case, how would they have cleared the TimThumb issue? Is that what they did? Do you know, or are you talking out of your rear, again?

If you want to pay someone to keep your website secure (and we never suggested you should or shouldn’t do that), then you should find someone who actually does the things that keep websites secure instead of hiring a company that uses a faulty malware scanner to attempt to detect that websites are already infected with malware as you are with Sucuri.

Are you serious here? Did you really just say in your last comment not to go with people that push service or product but then push your own? Come on, that’s just retarded bud

If Sucuri was actually interested in keeping WordPress based websites secure, instead of profiting off them remaining vulnerable, you have to wonder why they haven’t had an effort to get the issues with unresolved plugin security vulnerabilities fixed.

Do you work for them? How do you know they haven’t or aren’t? That’s odd.. : /

Now, let’s see how big your balls are and if you’re really serious about bringing this issue to people’s attention. Go ahead and approve this and respond and let’s have an honest conversation. Not doing so will simply show how much of a slime ball you are putting out false information with no real facts or anything of real value that any one should pay attention to.

Aug 31 2012

Broadcasters Defeat TV Streaming Service

Photo: theogee/Flickr

A federal appeals court is dealing a death blow to an upstart service that streams broadcast television over the internet, ruling that ivi Inc. is not a cable system and therefore is not protected by the Copyright Act.

In a case brought by the major over-the-air U.S. broadcasters ABC, NBC, CBS, Fox and others, the 2nd U.S. Circuit Court of Appeals said those broadcasters do not have to automatically license their content to internet streaming services because ivi is not a traditional “cable” company. The U.S. Copyright Act requires that broadcasters license their content to satellite and cable companies under a regulated pricing scheme known as compulsory licensing — but not to online streaming services such as ivi, which in 2010 began streaming broadcast television shows from the Seattle, Los Angeles, Chicago and New York markets to users across the country for $5 monthly.

The New York-based appeals court ruled:

The absence of a preliminary injunction would encourage current and prospective retransmission rights holders, as well as other Internet services, to follow ivi’s lead in retransmitting plaintiffs’ copyrighted programming without their consent. The strength of plaintiffs’ negotiating platform and business model would decline. The quantity and quality of efforts put into creating television programming, retransmission and advertising revenues, distribution models and schedules — all would be adversely affected. These harms would extend to other copyright holders of television programming. Continued live retransmissions of copyrighted television programming over the Internet without consent would thus threaten to destabilize the entire industry.

Ivi, launched in 2010 in Seattle by entrepreneur Todd Weaver, immediately drew the wrath of broadcasters, who sued.

In its defense, ivi argued that it fits within the statutory definition of a “cable system” under Section 111 of the 1976 Copyright Act, and thus is entitled “to perform plaintiffs’ programming” as long as it makes licensing payments.

Last year, a lower court judge blocked the service. Friday’s decision upholding the lower court likely means ivi won’t go back online unless the Supreme Court gives the service its blessing, making ivi yet another innovative media startup to be shuttered thanks to copyright law.

The case at first glance appears to conflict with a July decision by a New York federal judge who said a company called Aereo could legally stream broadcast television to paying customers without paying any licensing fees. Ivi claimed the same right, too.

But ivi simply retransmitted the signals, and Aero employs what the broadcasters decry as “technological gimmickry” and only transmits New York stations to customers in the New York area.

Aereo’s New York customers basically rent two tiny antennas, each about the size of a dime. Tens of thousands of the antennas are housed in a Brooklyn data center. One antenna — unique to a customer — is used when a customer wants to watch a program in real time from a computer, tablet or mobile phone. The other works with a DVR service to record programs for later online viewing. When a user saves a show, the service creates a unique copy, even though that’s a massive duplication of computer power and storage.

U.S. District Judge Alison Nathan said there were no copyright violations, and refused to shutter Aereo in a suit brought by broadcasters.

“Aereo’s antennas thus reinforce the significance of the copies its system creates and aid the court in finding that Aero does not create mere facilitating copies,” the judge wrote.

The broadcasters claimed the redistribution of the material, without a license, infringed their copyrights because it amounted to Aereo briefly buffering or copying the broadcast and “facilitating” a public performance without permission.

James Grimmelman, a New York Law School intellectual property scholar, wrote in an editorial Thursday that “copyright law hasn’t made sense for years, and Aereo embraced the madness.”

Aug 31 2012

Murder Suspect Allegedly Used GPS Tracker to Find Wife’s Lover

The Little Buddy GPS tracker made by Insignia is marketed as a surveillance tool to keep track of your children. But it’s part of the featured evidence in a murder trial in North Carolina. Image: Courtesy Insignia

A North Carolina man is facing first-degree murder charges after allegedly using a GPS tracker to follow his estranged wife to the home of a man he then shot.

According to testimony provided by investigators in the case, Raul Contreres purchased a Little Buddy GPS tracker at a Best Buy on July 17, 2010, two days before the murder. A friend of Contreres testified that Contreres said he wanted to place the device in his daughter’s backpack in case she got lost, according to the Times-News in North Carolina.

Ad for the Little Buddy Child Tracker on Best Buy’s website.

Because Contreres didn’t own a computer, he and the friend visited an AT&T store the day the device was purchased to make certain that Contreres would be able to track the movement of the Little Buddy device from his mobile phone.

The day of the murder, the friend testified, Contreres called him saying he was having trouble logging into his tracking account on his phone. By the time the friend called Contreres back, the latter said he’d succeeded getting into the account. Two hours after the phone call, Contreres allegedly shot David Wayne Smith in the garage of Smith’s house.

Investigators say they found a Little Buddy tracking device taped inside a recess in the trunk of the car of Contreras’s wife, from whom he’d been separated for several months. They allege he used the device to track her to Smith’s house the night of the murder, then shot his romantic rival.

The use of GPS trackers by private citizens is growing, but there are currently no laws or regulations governing how they can be used.

The U.S. Supreme Court took up a case last year involving law enforcement’s use of GPS trackers to monitor the movement of suspects, which raised numerous questions about how the use of the devices by the FBI and other agencies affects the privacy rights of individuals being tracked.

But the case never addressed the growing use of GPS trackers by private citizens to track each other.

The use of GPS trackers for commercial use has widened in recent years as more devices have become available. Companies have increasingly been marketing them to parents for use in tracking young children out of safety concerns. But the devices can easily be used to spy on someone other than a minor child in order to track their movements surreptitiously, in the manner that Contreres is alleged to have done.