Rogue Korean child-monitoring app is back, researchers say

said braka 8:40 AM
The app "Cyber Security Zone" is part

of  efforts to curb what authorities consider excessive cellphone use by young people. Parents are required by law to install monitoring software on smartphones for all children 18 and under.
The app is almost identical to a previous system, "Smart Sheriff," which left children's private information vulnerable to hackers, according to Internet watchdog Citizen Lab at the University of Toronto. Both were developed under the auspices of MOIBA, the industry association for South Korean cellphone service providers.
"The flaws in the apps open the door to possible breaches of sensitive information including passwords, phone numbers, and other user data," Citizen Lab said in a statement.
"Smart Sheriff" was intended to send alerts to parents if children swore or talked about sex, bullying or feeling depressed. But experts were scathing about its lack of . Cure53, a German auditing firm, called the program "fundamentally broken."
Citizen Lab and Cure53 say the app appears to have been rebranded as "Cyber Security Zone"—the equivalent of putting a fresh coat of paint on a dangerous old clunker.
"Users are being misled," said the Citizen Lab report.
MOIBA denied the two systems were the same and an official of the group said a review by the government's Korean Internet & Security Agency found security for "Cyber Security Zone" satisfactory.
"We cannot agree to the opinion that the application was not developed with security in mind," said the official, Noh Yong-lae.
Noh said MOIBA cut ties with the developer of "Smart Sheriff" and hired another company to update and develop apps.
KISA officials who looked at the Citizen Lab report said their agency's audit failed to catch at least one security lapse: the app's developer had not encrypted a key to the password. That stemmed from the app's design.
"They should not have built the app this way," said Kim Chan-il, a KISA manager. He said the government and MOIBA should make sure to hire developers who pay attention to security and have enough time to build an app.
An audit by KISA "does not guarantee security against all weaknesses," Kim said.


Read more at: https://phys.org/news/2017-09-rogue-korean-child-monitoring-app.html#jCp