Parental Control App Revealed To Have 26 Security Flaws

In April 2015, South Korean parents were required to install parental control apps on their children’s phones. However, researchers from the University of Toronto's Citizen Lab were able to catch no less than 26 security holes from the parental control apps.

The app, named “Smart Sheriff,” is deployed by the MOIBA, South Korea’s mobile carrier association. Citizen Lab had reached out to MOIBA to alert them of the app’s vulnerabilities, and the Canadian security research was assured by the South Korean carriers that the vulnerabilities have been patched. However, as Engadget notes, “very little” has actually been resolved, and in fact, the carriers may have actually opened bigger security holes with their moves.

For Citizen Lab, however, the security vulnerabilities for Smart Sheriff have been outlined on their full report.

For parents who want to know more what the security vulnerabilities in Smart Sheriff imply, these are the possibilities if the 26 holes were exploited:

-Data from the children’s accounts could be harvested.

-Parents’ credit card information, especially if their kids have extension accounts, could be stolen.

-Both of these could be used for identity and credit card theft.

In the USA alone, identity theft creates issues that could turn into decades of damage for the victims. Victims’ credit ratings plummet, which would compromise their financial and career health. Victims could be denied of student loans and housing credit, and mortgage could become a nightmare for them. What is worse, a good number of companies now rely on credit rating as part of their screening process for prospective hires.

A more chilling side to the identity theft phenomenon in the US is that ID thieves could be so unscrupulous as to resort to stealing children’s SSID numbers. Some parents find out only too late that their kids’ ID’s have been compromised, rendering them ineligible for college loans and other benefits. What is worse is that some forms of ID theft include healthcare theft. The latter is the most malevolent, as mix-ups in records could prove lethal. Wrong medications and medical treatment could stem from erroneous or misrepresented medical histories. The malevolent possibilities are endless in ID theft, and it could start with data stolen from a phone, remotely.

With the Citizen Lab report out in the open, and with the university researchers having reached out to the MOIBA, the ball is now the South Korean carriers’ court. Hopefully, they will do something to actually patch the 26 vulnerabilities.

Read more of the University of Toronto's Citizen Lab security report for Smart Sheriff here: https://citizenlab.org/2015/09/press-release-security-privacy-issues-in-smart-sheriff-south-korea/