APNewsBreak: South Korea-backed app puts children at risk

21 Sep 2015 | Author: | No comments yet »

APNewsBreak: South Korea-backed app puts children at risk.

SEOUL, South Korea (AP) — Security researchers say they found critical weaknesses in a South Korean government-mandated child surveillance app — vulnerabilities that left the private lives of the country’s youngest citizens open to hackers. In separate reports released Sunday, Internet watchdog group Citizen Lab and German software auditing company Cure53 said they found a catalog of worrying problems with “Smart Sheriff,” the most popular of more than a dozen child monitoring programs that South Korea requires for new smartphones sold to minors. The Smart Sheriff app, available for Android and iPhone, helps to let parents know how much time their children are spending on their phones, and remotely block content. Sometime afterward, Citizen Lab, based at the University of Toronto’s Munk School of Global Affairs, and Cure53, acting on a request from the Washington-based Open Technology Fund, began sifting through Smart Sheriff’s code. Children’s phone numbers, birth dates, web browsing history and other personal data were being sent across the Internet unencrypted, making them easy to intercept.

Researchers also found weaknesses in the authentication process meaning Smart Sheriff could easily be hacked, turned off entirely or reprogrammed to send alerts to parents. “With little effort, these vulnerabilities could allow children to bypass parental protections, allow malicious attackers to disrupt access to every user’s device, and interfere with the operations of the service,” Collin Anderson, an independent researcher, said in a statement. “Such failures demonstrate an inattention to children’s security from the foundation of the application, and, even more concerning, have been open for exploitation for years.” According to the reports the several weaknesses could be exploited on a large scale, affecting thousands or all of the application’s 380,000 users at once. Citizen Lab said it alerted the association of South Korean mobile operators that developed and operated the app, also known as MOIBA, to the problems on Aug. 3.

When contacted Friday, MOIBA said the vulnerabilities had been fixed. “We suspect that very little of these measures taken actually remedy issues that we’ve flagged in the report,” Anderson said, adding that he believed at least one of MOIBA’s fixes had opened a new weakness in the program. Researchers were skeptical about the government-mandated program and should require special scrutiny as it monitor the personal moments of young South Koreans. “This situation raises serious concerns under international human rights law, given the potential of this government-supported mobile application to compromise user privacy, and the widespread adoption of the app as a result of the government mandate,” said Sarah McKune, a senior legal adviser, with The Citizen Lab But he was scathing about some of the other failures uncovered by Citizen Lab, giving the Smart Sheriff’s server infrastructure a security rating of zero out of 10.

Lee Kyung-hwa, a mother of two whose Cyber Parents Union On Net endorses child surveillance, says all the app needs is an upgrade. “If they knew that the apps infect and endanger their children, I don’t think any South Korean parents would want their children to have this monitoring app,” he said. Yoon Jiwon told The Associated Press that she had previously been put off by the way in which the battery-hungry app kept sending her misleading alerts about her sons being bullied, prompting her to cross-examine them about each chat and text message, breeding frustration and mistrust.

Here you can write a commentary on the recording "APNewsBreak: South Korea-backed app puts children at risk".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site