Mandatory South Korean parental control app is a security nightmare

South Korea Smartphone Control

Back in April, South Korea required that wireless carriers install parental control apps on kids’ phones to prevent young ones from seeing naughty content. It sounded wise to officials at the time, but it now looks like that cure is worse than the disease. Researchers at the University of Toronto’s Citizen Lab have discovered 26 security holes in Smart Sheriff, the most popular of these mandatory parental apps. The software has weak authentication, sends a lot of data without encryption and relies on servers using outdated, vulnerable code. It wouldn’t be hard for an intruder to hijack the parent’s account, intercept communications or even scoop up the kids’ personal details. The worst part? Some of these vulnerabilities apply on a large scale, so a particularly sinister attacker could compromise hundreds of thousands of phones at once.

Citizen Lab was quick to notify the South Korean carrier association (MOIBA) that developed the app, and the group claims that the flaws have already been fixed. However, the discoverers aren’t buying that line. They believe that “very little” has been resolved, and that one of the fixes may have created a new hole. Oops. No matter what the scoop is, the findings underscore the risks involved in demanding that providers bundle apps — exploits that normally have a limited impact quickly turn into major issues.

[Image credit: AP Photo/Ahn Young-joon]

Source: Citizen Lab

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On