Back in April, South Korea required that wireless carriers install parental control apps on kids' phones to prevent young ones from seeing naughty content. It sounded wise to officials at the time, but it now looks like that cure is worse than the disease. Researchers at the University of Toronto's Citizen Lab have discovered 26 security holes in Smart Sheriff, the most popular of these mandatory parental apps. The software has weak authentication, sends a lot of data without encryption and relies on servers using outdated, vulnerable code. It wouldn't be hard for an intruder to hijack the parent's account, intercept communications or even scoop up the kids' personal details. The worst part? Some of these vulnerabilities apply on a large scale, so a particularly sinister attacker could compromise hundreds of thousands of phones at once.