TeenSafe , a serve used by parents to monitor the on-line behaviors and phone activity of their tyke , allowed ten of thousands of accounts to leak out online after failing to properly assure their server .
According to areport from ZDNet , the so - called “ secure ” activity monitoring app left at least two of its server hosted on Amazon ’s cloud service completely unprotected so anyone who come about to trip across them could get to the information stash away within , no password needed .
The peril servers , which were first discovered by protection researcherRobert Wiggins , curb the email addresses of parent with TeenSafe chronicle , as well as the email address associate with the Apple ID of their children . Passwords for the kids ’ Apple ID accounts were also available in the database , salt away in plaintext with no encoding or hashing . The waiter also displayed the name of the child ’s gimmick and the speech sound ’s unique identifier .
The servers did n’t contain any deliver content like photos or messages , but it puts the kids in a pretty tough speckle . For the TeenSafe app to workplace , itrequirestwo - factor authentication be incapacitate . The servers contained basically all of the login information take for a malicious worker to hijack a kid ’s bill and mandates that the basal way of aegis against such an onset be deform off .
ZDNet reported there were about 10,200 records found in the server , though it noted some were duplicates . The other exposed database stored tryout data point . It ’s not percipient if any other servers may have been equally as easy to access , and the unprotected servers have since been pull in offline by TeenSafe .
“ We have taken action to close one of our servers to the populace and get alert customers that could potentially be affect , ” a TeenSafe spokespersontold ZDNet .
TeenSafe , by the way , is an improbably creepy and trespassing service . It does n’t necessitate teens to give their consent to apply the service — itencouragesparents to tell their child about it but essentially says it ’s not that vainglorious of a deal legally — and it hands over an incredible amount of data and ascendency to parents .
accord to the company’swebsite , the app , which works for Android and iOS , supply parents access to full conversations transmit via SMS and iMessage — inlcluding cancel messages . It shows log of sent and received calls as well as all contacts stored on the gimmick . Parents can track real - time twist location and expect at location chronicle . It even can suck up browsing history and bookmarks from entanglement browsers and substance sent through third - party electronic messaging services like WhatsApp and Kik .
The TeenSafeYouTube pageis meet with guide that show parent how to do everything from blocking access to individual apps like Snapchat and Instagram to “ taking back suppertime ” by shutting down a kid ’s machine . ( The video for that one comes gross with black and blank footage of a family talking at the dinner party table like the good old days . )
mayhap some of those feature of speech are necessary for parent in 2018 , but a caboodle of them seem outfox , especially feed today ’s teenager are generally pretty well - behave . The CDC ’s annualYouth Risk Behavior Surveillance Surveyfound that kids today are far less potential to smoke , binge boozing ( or drink at all ) , and have sexual urge than most generations before it .
With video recording statute title “ Who is Your Child REALLY Texting ” and “ Is Your Teen Being fair ? ” it seems like TeenSafe does n’t have a whole lot of faith in teens . After the revelation that two of the party ’s servers sat exposed online with no password and tender entropy stored in plaintext , maybe parents should n’t have much organized religion in TeenSafe .
[ ZDNet ]
Datadata privacyleaks
Daily Newsletter
Get the good tech , scientific discipline , and culture news in your inbox daily .
News from the hereafter , rescue to your present tense .
You May Also Like
