Parental control app filters credentials in plain text

Posted date 24/05/2018

The application TeenSafe, which allows to track the activity of the child with the mobile, had its servers in the Amazon cloud without any access control measure, so anyone could access the information stored in them.
The discovery was made by Robert Wiggins, a researcher specialized in finding information leaks on servers. The hosted information contained the email addresses of parents and children associated with Apple, the name and identifier of the child's device, and plain text passwords associated with the Apple account. With this data, an attacker could see the activity of the minor since to use the app, two factors authentication must be disabled.
Once the company knew that an information leak had taken place, it took the appropriate measures to protect the server and informed the possible affected users.