South Korea's mandatory parental control apps for smartphones belonging to children may be endangering the minors.
The move to provide security through this measure may backfire as researchers have discovered a few loop holes. According to researchers from University of Toronto's Citizen Lab, the Smart Sheriff app - which is the most popular mandatory parental app - has nearly 26 security vulnerabilities.
For the unfamiliar, Smart Sheriff enables parents to monitor the time spent by their child on their phone and block the content being seen remotely. The app also alerts the minor's parents if their child receives or sends a message with words such as "pregnancy" or "bully."
The report entitled "Are the Kids Alright? Digital Risks to Minors from South Korea's Smart Sheriff Application" divulges that the software used by the Smart Sheriff app not only transmits unencrypted data, but also has a vulnerable code and deploys outdated servers. As a result, the app is an easy target for hackers who would be privy to communications, access a child's personal details such as their phone number, date of birth, personal history etc. and even the parent's account.
The weakness in the authentication process is also a red flag as this means that Smart Sheriff was susceptible to being hacked, switched off completely and even being reprogrammed to pass on alerts to parents.
The alarming bit is that some of the security loops in the app meant for iOS and Android are on a major scale, which basically means that a hacker looking to wreak havoc can potentially compromise several thousand phones at one go!
"Parents worldwide have growing concerns about their children's use of social media and mobile devices," stated Ron Deibert, director of the Citizen Lab. "However, this case shows precisely how good intentions can end up seriously wrong - in this case, a government-promoted parental monitoring application actually putting children at greater, rather than less, risk of harm."
A separate report by Cure53, a Germany-based software auditing company also corroborated the same concerns.
On Aug. 3, Citizen Lab notified the Korean Mobile Internet Business Association (MOIBA) which developed and operated the application of the concerns. However, it was not sure whether MOIBA addressed the issue and rectified the same.
MOIBA told the AP on Friday, Sept. 18, that it had fixed the security loops.
