The app, which monitored online activity, was deemed “hopelessly vulnerable” and a “cautionary case study”
South Korea pulled a government-backed child monitoring app called Smart Sheriff on Sunday after two independent security reports raised serious concerns about its safety, as first reported by the Associated Press.
The move puts South Korean officials in an awkward position as the app, built by a company called MOIBA, was funded by the government.
Furthermore, it touches on larger issues of Internet monitoring.
South Korea passed an unprecedented law in April requiring phones sold to minors to be set up with programmes so parents can spy on their child’s Internet activity. While alternative apps exist, the government actively lobbied for parents to download Smart Sheriff.
Smart Sheriff allowed parents to block certain websites and track how much time their children spend online, and even alerted parents if sensitive words appeared in the kids’ messages.
In a report, Canada-based Citizen Lab deemed the following security concerns exploitable: parental passwords, man-in-the-middle attacks, transport security between the app and servers, user traffic, API authentication and identification, and the ability for arbitrary users to change security settings.
“The Smart Sheriff versions analysed by the researchers stored and transmitted user data insecurely, and did not properly implement industry-standard encryption. This insecurity makes it possible for attackers to monitor data and impersonate both servers and apps to tamper with data. The researchers also found that Smart Sheriff sends browsing data back to MOIBA servers, despite this functionality purportedly being disabled in May 2015 over privacy concerns.”
Cure53 said the first audit in July found 18 security flaws and the follow-up examination revealed only six had been fixed.
In a damning conclusion, Cure53 described the app as “hopelessly vulnerable” and chided MOIBA for misinforming “Citizen Lab and other involved parties when announcing the alleged fixes during numerous email exchanges.”
“It is, therefore, a conclusion of this report that MOIBA’s behavior can be classified as highly irresponsible,” the Cure53 report said before recommending a full discontinuation of the app.
What’s more, after news broke that Smart Sheriff had been pulled off Google’s Play Store, Citizen Lab updated its report, accusing MOIBA of republishing Smart Sheriff under the name ‘사이버안심존’ — which translates to ‘Cyber Safety Zone.’
e27 has reached out to MOIBA regarding the accusation and will update accordingly.
The news reignites a debate about how, and whether, governments should actively promote the use of certain applications.
As was the case with Smart Sheriff, which had 380,000 users according to the AP, a stamp of approval from the government boosts user rates. Thus, when an app as flawed as Smart Sheriff is endorsed, a greater number of people will be affected.
Additionally, this app put the private information of children at risk.
Citizen Lab said Smart Sheriff should serve as a reminder that government-mandated apps should be put through an exceptionally rigorous process of security due diligence.
“Smart Sheriff should serve as a cautionary case study, as attempts to protect a vulnerable group through a mandated application have ended up actually endangering that very group,” the report concluded.
The post South Korea pulls child monitoring app amid security concerns appeared first on e27.