
Parental control apps not as secure as you might think

A pair of researchers at SEC Consult Vulnerability Lab have found that a wide range of parental control apps on Android devices are remarkably insecure.

Reporter
Thu, 29 Dec 2022

Writing on the SEC Consult blog, researchers Fabian Densborn and Bernhard Gründling explain that while their research is not the equivalent of a full security review, even casual observation has revealed a lot for parents to worry about.

The apps were first studied via static analysis, using the mobile security framework MobSF. Dynamic analysis was achieved by installing various parental control apps on a rooted Google Pixel 4a with Android 11. Where apps also had a web dashboard to remotely control devices, they too were looked at.

The researchers do not say which vulnerabilities were found in which app, and they stress that all vendors have been notified of the findings and that fixes should be issued soon.


The findings, however, are quite damning.

  • One app allowed an API to read a list of installed apps and other metadata.
  • Two apps made an attack against the hosting device possible via a JavaScript payload. These devices could then take advantage of the app’s web dashboard to circumvent restrictions or gain access to a parent’s credentials.
  • All of the apps could be bypassed simply by removing app permissions in a device’s Android settings.
  • Finally, booting an Android device into safe mode disables all third-party apps, including parental controls. Since this also disables internet connectivity, no notification is sent to parents.

In total, all apps had at least one or two vulnerabilities. The exception that stands out is Kids Place Parental Control, which had an alarming five.

The full list of apps tested comprises Boomerang, FamilyTime, Find My Kids, Kidssecurity Parental Control, Kids Place Parental Control, Parental Control Kroha, Qustodio, and Wondershare.

The researchers also point out that many of the vendors behind parental control apps store user data in the cloud, which comes with its own set of security concerns. User data can also be accessed by a number of third-party domains that may not necessarily be obvious to end users.

“It’s crucial not only for parents to feel safe about their children’s smartphone usage, but also for children to feel comfortable with their parents’ safety measures,” said Bernhard Gründling in the blog post.

At the end of the day, parents need to do proper research into both the apps they wish to use, and the vendors who operate them. Ignorance, in this case, is far from blissful.
