The TeenSafe app on the App Store has been found to expose thousands of email IDs and passwords.
Last year’s WannaCry attack showed the world that no computer in this world is safe from threats. Despite companies pulling up socks to tackle the security issues, hackers often get to discover vulnerabilities in certain systems. But what if an app meant to offer security is so vulnerable that it gives out user’s credentials to anonymous persons on the Internet? Well, a tracking app has just managed to do that and it did that in Apple’s secure ecosystem.
As reported by ZDNet, security researcher Robert Wiggins caught hold of two servers that had credentials of thousands of users of the TeenSafe app — an app that provides parents with the ability to track their teenage kids via their smartphones. The app tracks the location as well as texting habits of children. The app was found to dump unusual data on two Amazon servers. One of them contained what appeared to be test data whereas the other one contained credentials of most of the users of the app. The data was found to hold email IDs of the parents as well as Apple ID’s of the kids along with the passwords.
The password data was stored in plain text, which makes it easy for anyone with malicious intentions in the world to hack into someone’s account and steal all information. However, post the reporting of the incident, TeenSafe assured ZDNet that they shut down the affected server and even informed all the potential affected users. The developer is also investigating the issue and has promised to fix the issue pretty soon.
This gives us a clear idea as to why we must always be cautious of any data that our smartphones possess. For a hacker, even a child’s phone is a treasure trove of data that can be used against their will. In this case, it was surprising that such an incident took place on Apple's ecosystem, which is considered to one of the most secure platforms in the world. However, do note that TeenSafe requires turning off the two-factor authentication for it to work properly, which compromises the security of the user’s data on the device.
While there’s nothing much that users could have done here, it comes on to app developers to ensure that maintain the security of their users’ data. Developers should undertake routine inspection of their systems or conduct bug bounty programs to eradicate any kind of threat from their service.