If you're the kind of parent who wants to spy on everything your kids do, you can force them to install an app like Teensafe, which only works if your kid doesn't use two-factor authentication; you have to give it your kid's device ID and password, so if that data leaks, it would allow anyone to break into your kid's cloud and plunder all their private data.
Naturally, Teensafe stored thousands of parents and kids' usernames and passwords, without encryption, on an insecure server.
The company took the server down after being notified of the security problem by UK security researcher Robert Wiggins.
Most territories do not require that parents obtain their children's consent before spying on them with apps like this.
The database stores the parent's email address associated with TeenSafe, as well as their corresponding child's Apple ID email address. It also includes the child's device name -- which is often just their name -- and their device's unique identifier. The data contains the plaintext passwords for the child's Apple ID. Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child's account to access their personal content data.
Teen phone monitoring app leaked thousands of user passwords [Zack Whittaker/Zdnet]
I'm coming to Halifax to give the closing keynote on day one of Atlseccon on April 24th: it's only my second-ever visit to the city and the first time I've given a talk there, so I really hope you can make it!
Back in 2017, the Norwegian Consumer Council published a damning report on the privacy leaks from kids' "smart watches," a parade of horrors that included allowing unauthorized third parties to trace your kid's location, and also to covertly eavesdrop through the watches' microphones and bark creepy orders at them through their speakers.
The digital age is well and truly upon us, but let’s not forget there’s a load of free TV content floating literally over our heads. No, we’re not talking about the internet. Signals from major broadcast networks are still gratis for anyone who can pick them up with an antenna. And before you envision those […]
Who said LEGO® had to be ground bound? With The Force Flyers DIY Building Block Fly ‘n Drive Drone, you can turn LEGO® and other building-block creations into fully-functional flying machines. It’s available now in the Boing Boing Store for $39.99. This kit comes with everything you need for remote-controlled long distance flight, including a […]
When businesses need big cloud projects done right, they need experts in DevOps. For the uninitiated, that’s shorthand for the framework that allows development and operations teams to work together toward the same goal – not as independent departments with their own agendas. There’s an arsenal of software that has cropped up to help in […]