Parenting can be a challenging task, especially in this digital age where teens' lives revolve around technology, internet, social media and gadgets. Seeing this as an opportunity, a Los Angeles, Calif.-based company launched an app called TeenSafe that claims to offer "secure" monitoring service on Android and iOS devices.
TeenSafe allows parents to monitor their child's smartphone activities, including texts (iMessage and WhatsApp, too), real-time location, calls, web browsing history, apps installed, and location history. It claims to have more than a million parents using its service. But there's just one problem (besides TeenSafe being alarmingly creepy and invasive) – TeenSafe failed to protect the data stored on their servers.
ZDNet reported the breach on Sunday, wherein a UK-based security researcher Robert Wiggins discovered that two of TeenSafe's servers hosted by Amazon's cloud service were left completely unprotected. The kind of data stored on these servers made this breach a highly sensitive matter.
"We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted," a TeenSafe spokesperson told ZDNet.
But how does that justify storing an exposed database of about 10,200 records on the server without any encryption or even hashing. According to the report, the server had stored parents' email address used for a TeenSafe account, their child's email address associated with the Apple ID and passwords of the kids' Apple ID accounts.
Since the app requires two-factor authentication be turned off, the exposed server had everything a malicious actor would need to hijack a kid's account. It's even more concerning that the kids are mostly unaware of their parents using TeenSafe to spy on them, making them completely oblivious to the problem.
After all, TeenSafe says it doesn't require teens to give their consent to use the service. Even though it encourages parents to keep their children in the loop, it's not a legal constraint even if parents skip the awkward talk.
If you haven't informed your kids about TeenSafe, now would be a good time to start. Or parents can play smart and advise them to change their passwords for Apple ID and other accounts linked to the phone.