A new service is placed by Teensafe by which parents can monitor the online behaviours and phone activity of their children. It also allowed ten of thousands of accounts t leak online after failing to secure their servers properly.
The monitoring app, called “secure” left at least two of its server hosted on Amazon’s cloud service wholly unprotected so anyone who happened to stumble across them will be able to access the information stored within it and most importantly, to get this information no password is needed.
Robert Wiggins, the security researcher, has first discovered the exposed server which contained the email addresses of parents with TeenSafe accounts, as well as they will have complete information about the email address associated with the Apple ID of their children. Therefore, the password for the kids’ Apple ID accounts was also available in the database which is stored in plain text with no encryption or hashing. The important feature about this is that the server also displayed the name of the child’s device and the phone’s unique identifier.
The teenage server didn’t contain any saved content like messages or photos. Therefore, it put the kids in a tight spot. teensafe app to work requires two-factor authentication be disabled. The server contains the login information necessary for a malicious actor to hijack a kid’s account. They also ensure that the primary means of protection against an attack be turned off. Around 10,200 records were found in the server as reported by ZDNet. Therefore it was found that some were duplicate accounts.
The database stored test data were also exposed. The unprotected servers have since been pulled offline by Teensafe, and it is not clear if any other servers may have been equally as secure to access.
We have begun alerting customers that action to close one of the servers to the public that could potentially be impacted, A Teensafe spokesperson told ZDNet.
TeenSafe encourages parents to tell their kids about it but says it’s not that big of a deal legally. BY the way, Teensafe was called as a creepy and invasion services; it also doesn’t require teens to access to use the facilities. It has an incredible amount of data and control to parents.
Parents were access to full conversation sent via SMS and iMessage for the apps which work on Apple or IOS, according to the company’s website, including deleted messages. It shows information about the contacts stored on the device as well as shows all the logs sent and received calls to the parents. Parents can also look at location history and also can track the real-time device location. They can also have browsing bookmarks from a web browser and messages sent through third-party messaging services like WhatsApp and Kik, and most importantly they can also access to their browsing history.
The Teensafe provide youtube pages which are full of guides that helps parents by showing how to do everything from blocking access to individual apps like Instagram and snapchat and shutting down kid’s devices by “taking back to dinnertime”. with black and white footage of a family talking at the dinner table like the good old days, the video for that one also comes complete.
Most importantly, kids today are far less likely to smoke, binge drink (or drink at all), and have sex than most generations before it as found by The CDC’s annual Youth Risk Behavior Surveillance Survey. Given today’s teens are generally pretty well-behaved. Therefore, some of the top features for parents are good enough for better parenting in 2018, but a lot of them seems overreaching.
It seems like TeenSafe doesn’t have a whole lot of faith in teens, it was due to the some of the video title like “who is your child texting” and “is your teen being honest?”. two of the company’s servers sat exposed online, after the revelation. With no use of a password and sensitive information stored in plaintext in Teensafe, maybe parents shouldn’t have much faith in Teensafe.