Korea-Backed Child-Monitoring App Not Exactly Secure

21 Sep 2015 | Author: | No comments yet »

Canadian researchers help uncover problems with South Korean app putting children at risk.

Researchers at the University of Toronto’s Citizen Lab found that an Android-based child-monitoring app known as Smart Sheriff, which has been backed by the South Korean government, leaves kids’ devices open to hackers. According to a recent disclosure by security researchers, critical vulnerabilities have been discovered in South Korean government-backed child surveillance app called ‘Smart Sheriff.’ The ‘Smart Sheriff’ child surveillance app is essentially meant to be an electronic baby sitter.The Canadian researchers at Citizen Lab said they discovered 26 critical security flaws in the program “Smart Sheriff,” the mandatory South Korean child monitoring app.

The researchers say that they have found 26 vulnerabilities in Smart Sheriff, including the ability for hackers to monitor user data, steal it, and potentially change passwords. In a separate report, the German software auditing company, Cure53 also detailed the similar concerns of the app. “Parents worldwide have growing concerns about their children’s use of social media and mobile devices. Smart Sheriff and its fellow surveillance apps are meant to serve as electronic baby sitters, letting parents know how much time their children are spending with their phones, keeping kids off objectionable websites and even alerting parents if their children send or receive messages with words like “bully” or “pregnancy.” In April, Seoul required new smartphones sold to those 18 and under to be equipped with such software — a first-of-its-kind move, according to Korea University law professor Park Kyung-sin. However, this case shows precisely how good intentions can end up seriously wrong — in this case, a government-promoted parental monitoring application actually putting children at greater, rather than less, risk of harm.” Researchers said children’s birth dates, phone numbers, browsing history and other personal data were being sent unencrypted.

The Korean Communications Commission chose Smart Sheriff as its desired application, though parents may pick from approximately one dozen monitoring programs. However, the new report found that children’s personal details and browsing activity were not secure on the app, parental limits could be easily disabled and Smart Sheriff’s design and infrastructure were insufficiently protected.

Security researchers have asserted that, due to authentication weaknesses, ‘Smart Sheriff’ app can be easily hijacked, turned off or tricked into sending fake alerts to parents. The security issues allegedly affecting Smart Sheriff seem to show the pitfalls companies can face when they attempt to allow for monitoring of a user’s activity. The researchers also said that since most of the app’s weaknesses can be exploited at scale, thousands or even all of the app’s 380,000 users can potentially be compromised at once.

But according to the researchers, the issues went beyond simple, common security issues in coding. “The technical issues that were discovered represent fundamental failures to follow commonplace practices for protecting user information and securing the Smart Sheriff application,” researcher Colin Anderson said in a statement on Monday. “With little effort, these vulnerabilities could allow children to bypass parental protections, allow malicious attackers to disrupt access to every user’s device, and interfere with the operations of the service. Such failures demonstrate an inattention to children’s security from the foundation of the application, and, even more concerning, have been open for exploitation for years.” For its part, Smart Sheriff told the AP that it was made aware of the problems and has addressed the discovered flaws.

Here you can write a commentary on the recording "Korea-Backed Child-Monitoring App Not Exactly Secure".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site