Mandatory South Korean child monitoring app has many security flaws
Last year in April, the South Korean government passed a law that requires new smartphones sold to minors to be equipped with child monitoring app.
The Canadian researchers at Citizen Lab said they discovered 26 critical security flaws in the program “Smart Sheriff,” the mandatory South Korean child monitoring app. In a separate report, the German software auditing company, Cure53 also detailed the similar concerns of the app.
Ron Deibert, Director of the Citizen Lab, said in a statement:
“Parents worldwide have growing concerns about their children’s use of social media and mobile devices. However, this case shows precisely how good intentions can end up seriously wrong — in this case, a government-promoted parental monitoring application actually putting children at greater, rather than less, risk of harm.”
Researchers said children’s birth dates, phone numbers, browsing history and other personal data were being sent unencrypted. It makes stealing the personal information of minors easy for the attackers or hackers.
The security researchers also discovered vulnerabilities in the authentication process of Smart Sheriff. According to them, the app could be easily hacked, turned off entirely and even reprogrammed to send fake alerts to parents.
According to the reports, these several security flaws could be exploited on a large scale and affect all of the application’s 380,000 users at once.
On August 3, the Canadian researchers alerted MOIBA regarding the security flaws. It is the association of South Korean mobile operators that developed and operated the app.
According to a report by the Associated Press, MOIBA has fixed the vulnerabilities found in the mandatory South Korean child monitoring app.
But, the discoverers believe that “very little” has been fixed and one of the fixes may have created a new loophole.
Article Source: Citizen Lab, Cure53