Child safety app riddled with vulnerabilities: Update now!
2023-5-18 11:0:0 Author: www.malwarebytes.com(查看原文) 阅读量:11 收藏

An app designed to restrict screen time and add a “kids' mode” for children on smart devices has been found to have a broad range of security issues

The app, “Parental Control - Kids Place” is an Android app which is incredibly popular, sporting 5M+ downloads on its Google Play page. In terms of what the app does with user’s data, Play’s Data Safety page has this to say: 

  • No data shared with third parties 

  • Precise location, name and email, installed apps and other actions, crash logs, and device / other IDs may be collected 

  • Data is encrypted in transit 

  • You can request that data be deleted 

Despite this, the five flaws discovered by the SEC Consult researchers would give most parents quite the headache in terms of device, account, and child safety. The explanations given for the various flaws are quite technical. Fear not, because below we’ll explain how these affected app users without wandering into the coding weeds. 

  • Passwords were being stored insecurely, in a way which would be potentially easy for an attacker to crack using automated methods.
  • The parent’s web dashboard was insecure and vulnerable to attack.
  • This same dashboard could be exploited to send download links to the child’s device which could contain malware.
  • Finally, the child could potentially bypass the restriction features without anyone noticing. This last one involves a couple of steps which includes booting into safe mode. While a child may not figure the flow out themselves, it’s the kind of thing which routinely ends up on social media and streaming sites as a “cool hack”. 

The vendor was notified mid-November 2022, with the app creators responding that “most” of the vulnerabilities had been fixed. Several rounds of back and forth communication ensued, with the SEC researchers having to go back and explain that certain issues had still not been addressed by the start of January 2023. 

The vendor again replied that everything had now been fixed mid-February, and this time around the fixes got the job done. 

What does this all mean in practice if you’re a user of this app? Well, good news: the updates did indeed fix the flaws. The way to keep your app and your child safe is to download the latest version of Parental Control - Kids Place from the Google Play store. 

You must be running at least version 3.8.50 in order to be safe from the issues listed above. 

There are no workarounds available to address the five security vulnerabilities if you’re running something lower than this, and you’ll potentially be at risk until you update the app. 

Update all Android apps automatically: 

  • Open the Play Store app 

  • In the top right corner, press the profile icon 

  • Tap Settings > Network Preferences > Auto-update apps 

  • Select “over any network”, or “over Wi-Fi- only” 
     

Update individual apps automatically: 

  • Open the Play Store app 

  • In the top right corner, press the profile icon 

  • Tap Manage apps and device 

  • Tap Manage, and then find the desired app 

  • Tap the app to open the app’s Details page 

  • On the Details page, tap More (typically represented by three vertical dots) 

  • Turn on Enable auto-update 

You may need to restart your device to complete the process. 


We don’t just report on Android security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your Android devices by downloading Malwarebytes for Android today.


文章来源: https://www.malwarebytes.com/blog/news/2023/05/child-safety-app-riddled-with-vulnerabilities-update-now
如有侵权请联系:admin#unsafe.sh