BY DON REISINGER, PCMAG.COM
South Korea’s attempts to keep children safe by requiring parents to monitor their kids with apps may be falling short, according to new research.
Researchers at the University of Toronto’s Citizen Lab found that an Android-based child-monitoring app known as Smart Sheriff, which has been backed by the South Korean government, leaves kids’ devices open to hackers. The researchers say that they have found 26 vulnerabilities in Smart Sheriff, including the ability for hackers to monitor user data, steal it, and potentially change passwords.
In a separate study, Cure53, a software-auditing company, told the Associated Press that Smart Sheriff suffers from “literally no security at all.” Cure53 said a child’s birthday, browsing history, and personal data are readily accessible to hackers.
In April, South Korea insitituted regulations that require all smartphones sold to children to include bundled parental-monitoring software. The Korean Communications Commission chose Smart Sheriff as its desired application, though parents may pick from approximately one dozen monitoring programs. According to the AP, schools recommended that parents download Smart Sheriff, which as of this writing, had approximately 380,000 users.
The security issues allegedly affecting Smart Sheriff seem to show the pitfalls companies can face when they attempt to allow for monitoring of a user’s activity. But according to the researchers, the issues went beyond simple, common security issues in coding.
“The technical issues that were discovered represent fundamental failures to follow commonplace practices for protecting user information and securing the Smart Sheriff application,” researcher Colin Anderson said in a statement on Monday. “With little effort, these vulnerabilities could allow children to bypass parental protections, allow malicious attackers to disrupt access to every user’s device, and interfere with the operations of the service. Such failures demonstrate an inattention to children’s security from the foundation of the application, and, even more concerning, have been open for exploitation for years.”
For its part, Smart Sheriff told the AP that it was made aware of the problems and has addressed the discovered flaws. The application —and the mandatory program to monitor kids—are still supported by the South Korea government. It’s unclear whether that will change in light of the recent security issues.