App used by parents to spy on their kids suffers data breach



If you're a parent, you might be familiar with an app called TeenSafe. This is an app that allows Mom and Dad to actually spy on their children and control their online and mobile behavior. The app has a YouTube channel with several videos that show users how to block their kids from using Snapchat and give directions on how to turn the little ones' phones off during a family dinner. The company says it has over a million parents using the service on both the iOS and Android platform.

When we told you that parents can spy on their kids with this app installed, we weren't kidding. TeenSafe allows parents to read all text messages, including ones that were deleted and those sent through a third party app like WhatsApp. Logs of sent and received calls can be retrieved from a child's handset, along with the list of contacts on the phone. Browsing history and bookmarks can be obtained, and no matter where they go, the young ones can't hide; real-time tracking will pass location data over to the parents. And the grownups can track all of this information without getting consent from the kids.

But today's news is really not about the app's features. It appears that TeenSafe's servers were hosted by Amazon's cloud service and were accessible to anyone without requiring a password. According to Robbie Wiggins, a security researcher in the U.K., two servers belonging to the company were leaking. While one of the servers only dealt with test data, the other one contained the parent's email address associated with an account, the Apple ID email address belonging to the child, the child's device name and its UDID number. It also stored the password to the child's Apple ID in plaintext.

TeenSafe requires that two factor authentication be disabled, which means that using the leaked information, a hacker could access a child's account and collect personal data and content. The company's website says that encryption is used in case of a data breach, although that doesn't seem to have worked in this case.

TeenSafe has started to alert all of the subscribers involved. 10,200 records from the last three months were in that server, although some of the records were duplicates.



source: ZDNet

FEATURED VIDEO

5 Comments

1. iPhoneFanboy

Posts: 286; Member since: Apr 21, 2018

Serves them right

2. WPX00

Posts: 511; Member since: Aug 15, 2015

I've always believed in the simple truth that if you can't leave your kid and trust that he/she wont do anything too stupid, then your kid shouldn't have a phone at all. Plain and simple.

3. sissy246

Posts: 7035; Member since: Mar 04, 2015

Well said, exactly

4. skyline88

Posts: 697; Member since: Jul 15, 2013

serve them right and spot on!

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.