The Enemy Inside the Gates: How Stalkerware and IoT Devices are Weaponized in Domestic Abuse

When we think of cybersecurity, our minds often jump to international hacker syndicates, massive corporate data breaches, or identity theft. We picture the threat as an anonymous figure thousands of miles away. However, a growing and insidious branch of cybercrime is dismantling this traditional narrative. For thousands of women globally, the most dangerous cyber threat is not a faceless hacker, but an intimate partner.

The intersection of domestic abuse and consumer technology has created a terrifying new frontier for cybersecurity—one where digital breaches directly equate to physical danger and psychological torment. As our lives become increasingly interconnected, the very tools designed to bring us convenience and security are being weaponized.

This article explores two of the most critical elements of this digital domestic crisis: the rise of “stalkerware” and the manipulation of Internet of Things (IoT) smart home devices.

Part I: The Invisible Panopticon – Understanding Stalkerware

Smartphones are our digital diaries, holding our most sensitive conversations, our financial data, and our real-time locations. When that device is compromised by an intimate partner, it creates an inescapable digital panopticon.

What is Stalkerware? Stalkerware (sometimes referred to as “spouseware” or “creepware”) refers to commercially available surveillance applications that are installed on a victim’s device without their knowledge or consent. Unlike traditional malware designed to steal credit card numbers, stalkerware is designed for absolute interpersonal control and monitoring.

These applications often operate in a legal gray area. They are frequently marketed ostensibly as “child safety” trackers or “employee monitoring” software, which allows them to bypass certain regulatory hurdles. However, their primary use case is overwhelmingly the covert surveillance of intimate partners.

The Mechanics of Control Once a perpetrator gains physical access to a victim’s unlocked phone—often requiring just a few minutes—they can install the software and hide the app icon. From that moment on, the abuser gains terrifying administrative control from a remote dashboard. Capabilities typically include:

• Real-time GPS tracking: Monitoring the victim’s exact location and setting up “geofences” to trigger alerts if the victim leaves the house or goes to a specific location (like a police station or women’s shelter).
• Communication interception: Reading all SMS messages, emails, and even encrypted messages from apps like WhatsApp or Signal by logging keystrokes.
• Media access: Silently viewing the camera roll and saved files.
• Microphone and camera hijacking: Remotely activating the phone’s microphone to listen to ambient conversations in the room, or snapping photos through the camera without triggering the flash or shutter sound.

The Gendered Impact While anyone can be a victim of stalkerware, the statistics surrounding intimate partner violence (IPV) dictate that these tools disproportionately affect women. Domestic abuse is fundamentally about power and control; stalkerware digitizes that control, allowing the abuser to maintain a pervasive, threatening presence in the victim’s life even when they are physically absent.

Part II: The Trojan Horse in the Living Room – Smart Home Abuse

The second alarming trend in technology-facilitated abuse is the manipulation of the Internet of Things (IoT). We have invited internet-connected devices into the most intimate spaces of our homes. While smart locks, internet-connected thermostats, and security cameras offer convenience, they also provide a network of physical control points for a malicious actor.

When the House Turns Against You In relationships characterized by coercive control, or in the volatile aftermath of a breakup, the abuser (who often originally set up the home’s network and holds the master passwords) can weaponize the smart home environment. This form of abuse bridges the gap between digital annoyance and physical harassment.

Common tactics include:

• Smart Locks and Security Systems: Abusers can remotely change the passcodes on smart locks, trapping a victim inside the home or locking them out in the middle of the night. They can also trigger blaring security alarms remotely to induce panic and sleep deprivation.
• Climate Control Manipulation: By hacking or retaining control of smart thermostats, an abuser can plunge the house into freezing temperatures in the winter or turn the heat up to unbearable levels in the summer, creating physical discomfort and an environment of hostility.
• Surveillance via Cameras and Speakers: Indoor security cameras (like baby monitors or living room cameras) are frequently used to monitor the victim’s every move. Smart speakers can be used to “drop in” and listen to conversations or unexpectedly broadcast the abuser’s voice into the home.

The Rise of Digital Gaslighting One of the most psychologically damaging aspects of IoT abuse is its capacity for “gaslighting”—a form of psychological manipulation where the abuser attempts to make the victim doubt their own memory, perception, and sanity.

An abuser might remotely turn lights on and off, change the television channel, or play strange noises through smart speakers, and then deny any involvement when confronted. Because IoT devices can be glitchy by nature, the victim is left in a constant state of paranoia, unsure if the technology is simply malfunctioning or if they are being actively tormented. This invisible harassment creates a home environment that is entirely devoid of safety or peace.

Part III: Moving Toward Detection, Defense, and “Safety by Design”

The fight against stalkerware and IoT abuse requires a fundamental shift in how we view cybersecurity. It requires moving beyond corporate defense and looking at the safety of the individual within their own home.

Detecting the Invisible For victims, detecting stalkerware can be incredibly difficult, but there are red flags:

• Unexplained Battery Drain: Spyware runs constantly in the background, significantly draining the device’s battery.
• Spikes in Data Usage: The software requires an internet connection to send intercepted data (photos, audio files) back to the abuser.
• The Abuser “Knowing Too Much”: Often, the most telling sign is behavioral. If a partner suddenly knows details of private conversations, exact locations visited, or content from hidden messages, the device is likely compromised.

A Critical Note on Safety: Cybersecurity experts strongly advise that victims of domestic abuse do not immediately delete suspected stalkerware. Abusers are alerted when the software goes offline, which can trigger an immediate escalation of physical violence. Victims are encouraged to use a safe, unmonitored device (like a public library computer or a friend’s phone) to contact domestic violence support organizations, who can help safety-plan the removal of the software.

Securing the Smart Home Protecting against IoT abuse requires proactive network hygiene:

• Reclaiming Digital Ownership: During a separation, it is vital to perform a “digital divorce.” This means resetting the primary Wi-Fi router to factory settings, changing the administrator passwords, and re-pairing all smart home devices under a new, secure account that the ex-partner cannot access.
• Auditing App Permissions: Regularly reviewing which accounts have access to smart home ecosystems (like Google Home or Apple HomeKit) and revoking access for unrecognized or former users.

A Call for Industry Accountability Ultimately, the burden of preventing this abuse cannot rest solely on the victims. The technology industry must adopt a “Safety by Design” framework. Device manufacturers must assume that their products could be used by an adversary with physical access to the device and the victim’s passwords.

This means implementing mandatory notifications when another user is accessing a camera feed, requiring two-factor authentication for password changes, and collaborating with anti-stalkerware coalitions to ensure mobile operating systems automatically flag and disable abusive surveillance apps.

Conclusion

Cybersecurity is no longer just about protecting data; it is about protecting physical safety and psychological well-being. The weaponization of stalkerware and smart home devices represents a profound violation of privacy and human rights, predominantly affecting women. By dragging these covert tactics into the light, educating the public on digital hygiene, and demanding accountability from tech developers, we can begin to dismantle the digital panopticon and reclaim technology as a tool for empowerment rather than a weapon of control.