TeenSafe, a service used by parents to monitor their kids' phone activity and online behavior, leaked tens of thousands of accounts online after failing to properly protect its servers.
According to a ZDNet report, the supposedly "secure" activity monitoring application left at least 2 of its servers, hosted on Amazon's cloud service, entirely unprotected, so anybody who happened upon them could access the data stored within, no password required.
The unprotected servers, first discovered by security researcher Robert Wiggins, contained the email addresses of parents with TeenSafe accounts as well as the email address linked to their kids' Apple IDs. Passwords for the kids' Apple ID accounts were also available in the database, stored in plaintext without hashing or encryption. The server also exposed the name of the kid's device and the phone's unique identifier.
The servers did not include any saved content such as messages or photos; however, the exposure still puts the children in a fairly dangerous position. For the TeenSafe application to function, it requires that 2-factor authentication be turned off. The servers therefore held essentially all the login details a malicious actor would need to take control of a kid's account, while the application requires that the primary defense against such an attack be switched off.
Further, ZDNet reported that around 10,200 records were discovered on the server, although it noted that some were duplicates. The other exposed server held test data. It is not clear whether any other servers might have been similarly easy to access, and TeenSafe has since taken the unprotected servers offline.
As reported in another article, a group of Mishawaka students has been working on a phone application that would enable students to submit tips about potential safety threats.