An app called Teensafe that lets parents keep an eye on their teens' online activity may have leaked the private data of tens of thousands of youngsters. The Apple ID passwords and usernames were stored without encryption on an unsecured server, meaning anyone could access the information without a password, a report has revealed. The app is designed to let parents access their youngsters' web browser history, text messages, call logs and device location. Ironically TeenSafe, which bills itself as a 'secure' monitoring app, requires two-factor authentication to be disabled, so anyone could access the Apple ID accounts using login credentials from leaky servers.
At least one of the app's servers, which was hosted by Amazon's cloud service, could be accessed without a password, according to the report by ZDNet. British security researchers Robert Wiggins who searches for public and exposed data found two servers had been compromised. The database includes the child's device name - which is often just their name - and their unique identifier. Shortly before the server went offline, more than 10,200 records containing customer data were exposed. None of the records contained photos, messages or the locations of either parents or children, the report revealed. However, some of these were duplicates so the actual number would have been less. The passwords for the Apple IDs were stored in plain text although it is not clear why, according to the report.
Credits: http://www.dailymail.co.uk/sciencetech/article-5753349/App-lets-parents-spy-teens-leaked-private-data.html
No comments:
Post a Comment