Friend
Professional
- Messages
- 2,669
- Reaction score
- 944
- Points
- 113
Parental controls are powerless in the face of the new cyber threat.
A study conducted by AppSec Solutions has identified serious security issues in apps designed for children and parents. An analysis of 37 applications in this category showed their vulnerability to personal data leaks and possible manipulation of content.
AppSec Solutions specialists assessed the security of various types of applications, including educational programs for language learning, applications for developing reading skills and speech therapy, mobile games for children, as well as parental control tools.
The results of the study, obtained by Forbes, point to three main vulnerabilities. The most common vulnerabilities were "storing sensitive information in clear text" - analysts recorded 134 cases. The next most common was "insufficient runtime checking", which was identified in 66 cases. Third place was taken by "data validation errors", recorded 40 times.
The combination of these vulnerabilities could lead to any application on the device being able to obtain the user's password. According to experts, this can happen if the application stores the user's password in clear text and contains a problem with another application reading local files.
Of particular concern is the fact that a runtime inadequate validation vulnerability was found in 36 of the 37 applications analyzed. The company's expert explained that such a vulnerability means the inability of the application to determine the environment in which it runs.
The company also noted that data validation errors found in 22 applications create an opportunity for content manipulation. Attackers can exploit this vulnerability to gain unauthorized access to user screens, read internal files, and open arbitrary addresses. Especially dangerous is that hackers can offer harmful content to a child.
Source
A study conducted by AppSec Solutions has identified serious security issues in apps designed for children and parents. An analysis of 37 applications in this category showed their vulnerability to personal data leaks and possible manipulation of content.
AppSec Solutions specialists assessed the security of various types of applications, including educational programs for language learning, applications for developing reading skills and speech therapy, mobile games for children, as well as parental control tools.
The results of the study, obtained by Forbes, point to three main vulnerabilities. The most common vulnerabilities were "storing sensitive information in clear text" - analysts recorded 134 cases. The next most common was "insufficient runtime checking", which was identified in 66 cases. Third place was taken by "data validation errors", recorded 40 times.
The combination of these vulnerabilities could lead to any application on the device being able to obtain the user's password. According to experts, this can happen if the application stores the user's password in clear text and contains a problem with another application reading local files.
Of particular concern is the fact that a runtime inadequate validation vulnerability was found in 36 of the 37 applications analyzed. The company's expert explained that such a vulnerability means the inability of the application to determine the environment in which it runs.
The company also noted that data validation errors found in 22 applications create an opportunity for content manipulation. Attackers can exploit this vulnerability to gain unauthorized access to user screens, read internal files, and open arbitrary addresses. Especially dangerous is that hackers can offer harmful content to a child.
Source
