Parental control app filters credentials in plain text

20/05/2018

The application TeenSafe, which allows to track the activity of the child with the mobile, had its servers in the Amazon cloud without any access control measure, so anyone could access the information stored in them.
The discovery was made by Robert Wiggins, a researcher specialized in finding information leaks on servers. The hosted information contained the email addresses of parents and children associated with Apple, the name and identifier of the child's device, and plain text passwords associated with the Apple account. With this data, an attacker could see the activity of the minor since to use the app, two factors authentication must be disabled.
Once the company knew that an information leak had taken place, it took the appropriate measures to protect the server and informed the possible affected users.

References

20/05/2018

zdnet.com

Teen phone monitoring app leaked thousands of user passwords
21/05/2018

gizmodo.com

App That Allows Parents To Spy On Teens Leaked Thousands Of Passwords
21/05/2018

techspot.com

Child monitoring app leaks thousands of user passwords

Etiquetas