Latest in Children

Image credit:

Mandatory South Korean parental control app is a security nightmare

Jon Fingas, @jonfingas
September 20, 2015
Share
Tweet
Share

Sponsored Links

Back in April, South Korea required that wireless carriers install parental control apps on kids' phones to prevent young ones from seeing naughty content. It sounded wise to officials at the time, but it now looks like that cure is worse than the disease. Researchers at the University of Toronto's Citizen Lab have discovered 26 security holes in Smart Sheriff, the most popular of these mandatory parental apps. The software has weak authentication, sends a lot of data without encryption and relies on servers using outdated, vulnerable code. It wouldn't be hard for an intruder to hijack the parent's account, intercept communications or even scoop up the kids' personal details. The worst part? Some of these vulnerabilities apply on a large scale, so a particularly sinister attacker could compromise hundreds of thousands of phones at once.

Citizen Lab was quick to notify the South Korean carrier association (MOIBA) that developed the app, and the group claims that the flaws have already been fixed. However, the discoverers aren't buying that line. They believe that "very little" has been resolved, and that one of the fixes may have created a new hole. Oops. No matter what the scoop is, the findings underscore the risks involved in demanding that providers bundle apps -- exploits that normally have a limited impact quickly turn into major issues.

[Image credit: AP Photo/Ahn Young-joon]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

T-Mobile’s TVision is a cable-cutting package for its mobile customers

T-Mobile’s TVision is a cable-cutting package for its mobile customers

View
Windows 10 update removes Flash and prevents it from being reinstalled

Windows 10 update removes Flash and prevents it from being reinstalled

View
Starlink testers will pay $99 per month for SpaceX's satellite internet

Starlink testers will pay $99 per month for SpaceX's satellite internet

View
Sony is still selling lots of games ahead of the PS5's launch

Sony is still selling lots of games ahead of the PS5's launch

View
Logitech's new $50 ergonomic trackball mouse has Bluetooth LE support

Logitech's new $50 ergonomic trackball mouse has Bluetooth LE support

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr