10.8 C
London
Monday, September 26, 2022

Childcare monitoring apps are ‘dangerously unsafe’, report finds

Must read

Who is Gage Bills? Wiki, Age, Height, Net Worth, Girlfriend, Ethnicity, Career

gage bills is an American social media celebrity and content producer from Pennsylvania, who gained fame through his Tiktok account. Gage has nearly...

Ian grows into a hurricane as Florida begins evacuations and Cuba braces for potential flooding

Ian strengthened into a hurricane Monday as Florida began ordering evacuations this week and preparing for potential flooding.Tornadoes are also possible late Monday and...

These are the industries ripe for innovation under the Inflation Reduction Act • londonbusinessblog.com

With a month In hindsight, we're getting a better idea of ​​what the Inflation Reduction Act will mean for the US economy and the...

Gently’s store aggregator aims to take the friction out of locating second-hand clothing • londonbusinessblog.com

Samuel Spitz is a used clothing enthusiast, but found that he spent hours searching dozens of resale sites to find certain items and came...
Shreya Christinahttps://londonbusinessblog.com
Shreya has been with londonbusinessblog.com for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider londonbusinessblog.com team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

Popular daycare and childcare communications apps are “dangerously insecure” according to newly published research, exposing children and parents to the risk of data breaches with lax security settings and indulgent or downright misleading privacy policies.

The details come from a new report from the Electronic Frontier Foundation (EFF), which: published the results of a months-long research project on Tuesday.

The research, conducted by Alexis Hancock, EFF’s technical director for the Certbot project, found that popular apps such as Brightwheel, HiMama, and Tadpoles lacked two-factor authentication (2FA), meaning any malicious actor capable of obtaining a user’s password could log in remotely. Closer analysis of the application code revealed a number of other privacy-damaging features, including data sharing with Facebook and other third parties, that were not mentioned in the privacy policy.

After being contacted by the EFF, Brightwheel implemented 2FA and claims to be “the first in the early education sector to add this extra layer of security.” HiMama reportedly said it would pass the feature request on to its design team, but has not yet implemented the additional security feature. It is unknown if Tadpoles plans to implement 2FA.

Network traffic analysis shows that the Tadpoles app sends data about user events to Facebook.
Image: EFF

Hancock began researching the privacy and security settings of several childcare apps after she was asked to download Brightwheel when she first enrolled her two-year-old daughter in childcare. Hancock told The edge that she initially liked using the app to get updates about her daughter, but was concerned about a lack of security given the potentially sensitive nature of the information.

“In the beginning there was a lot of comfort in seeing [my daughter] during the day, with the images they sent me,” Hancock said. “Then I looked at the app from, huh, I don’t really see security controls that I would normally see in most services like this.”

With a background in software development, Hancock was able to use a range of tools, such as: Apktool and mitmproxy to analyze the application code and examine network calls made by each of the childcare apps, and she was surprised to find some easily fixable errors.

“I found trackers in a few apps. I found a weak security policy, a weak password policy,” Hancock said. “I discovered vulnerabilities that were very easy to fix as I went through some of the applications. Basically just low hanging fruit.”

The new report from the EFF isn’t the first to draw attention to serious flaws in applications trusted to protect children. For years, researchers have raised concerns about security vulnerabilities in baby monitor apps and associated hardware, with some of these weaknesses being exploited by hackers to send messages to children† More broadly, a survey of 1,000 apps likely to be used by children found that more than two-thirds sent personal information to the advertising industry

Hancock hopes reporting on these privacy and security vulnerabilities could lead to better regulation of child-directed apps, but the findings nonetheless worry her.

“As a parent, I felt even more afraid of my child,” she said. ‘I don’t want her to have a data breach before she’s five. I’m doing everything I can to make sure that doesn’t happen.”

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Who is Gage Bills? Wiki, Age, Height, Net Worth, Girlfriend, Ethnicity, Career

gage bills is an American social media celebrity and content producer from Pennsylvania, who gained fame through his Tiktok account. Gage has nearly...

Ian grows into a hurricane as Florida begins evacuations and Cuba braces for potential flooding

Ian strengthened into a hurricane Monday as Florida began ordering evacuations this week and preparing for potential flooding.Tornadoes are also possible late Monday and...

These are the industries ripe for innovation under the Inflation Reduction Act • londonbusinessblog.com

With a month In hindsight, we're getting a better idea of ​​what the Inflation Reduction Act will mean for the US economy and the...

Gently’s store aggregator aims to take the friction out of locating second-hand clothing • londonbusinessblog.com

Samuel Spitz is a used clothing enthusiast, but found that he spent hours searching dozens of resale sites to find certain items and came...

Limit reached – Join the EU Startups CLUB

€147/quarter This option is ideal for companies and investors who want to keep up to date with Europe's most promising startups, have full access...