This top parental control app has some serious security flaws

Sead Fadilpašić

May 17, 2023 at 1:35 PM·2 min read

Your iPhone could soon get a powerful new feature that Android's had for years

A popular Android parental control app carried multiple vulnerabilities which allowed the children to bypass parental controls, and threat actors to install malware or steal sensitive data from the flawed devices.

The app in question is called Parental Control - Kids Place, built by a company called Kiddowares. It has more than five million downloads on Google Play, and offers all kinds of parental control features, from monitoring and geolocation, to internet restrictions and payment restrictions. Parents can also track how their children spend time on the device, and make sure they’re safe from any malicious content.

The findings were outlined in a report from cybersecurity researchers SEC Consult, which is now urging users to update the apps to the latest version immediately.

Deploying malware

Now, SEC Consult’s researchers found versions 3.8.49 and older vulnerable to five flaws.

The first allows threat actors to intercept and decrypt user registration and login data, meaning they could be able to obtain sensitive information such as login credentials.

The second, tracked as CVE-2023-29079, allows for cross-site scripting attacks, which threat actors can use to inject malicious scripts into the dashboard of the parents. The third one, tracked as CVE-2023-29078, is a cross-site request forgery (CSRF) flaw, while the fourth one allows the attackers to send files up to 10MB in size to the child’s device.

> This dangerous Android malware is seeing a huge rise in infections

> Dangerous new 'Hook' Android malware lets hackers remotely control your phone

> These are the best ID theft protection tools right now

This one is particularly dangerous as the files are uploaded to an AWS S3 bucket, where they’re not scanned and could contain malware. The fifth one, tracked as CVE_2023-28153, allows the children (or threat actors) to temporarily remove all usage restrictions. Unless they manually check in the dashboard, the parents won’t know this change occurred.

The researchers said that all versions prior to 3.8.50 are vulnerable, and have urged the users to update, immediately. The patch was released on February 14, 2023.

Here are the best firewalls today

Via: BleepingComputer

Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
4d ago
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
17h ago
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
3d ago
Yahoo Sports
NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in
Not everyone was thrilled with their team's draft on Thursday night.
6d ago
Yahoo Life Shopping
Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you
It's inexpensive, but is it effective? Dermatologists' verdict is in — and it's unanimous.
1d ago
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
1d ago
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
12h ago
Yahoo Sports
The best RBs for 2024 fantasy football according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 season.
2d ago
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
2d ago
Yahoo Sports
Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía
Canelo Álvarez is set to defend his title against undefeated Jaime Munguía on Saturday in Las Vegas.
7h ago
Autoblog
10 cars with paint problems, according to Consumer Reports
Consumer Reports shares the ten vehicles most prone to paint problems, and they span quite an array of models.
1d ago
Yahoo Sports
NBA playoffs: Luka Dončić leads Mavericks in blowout win over Clippers to take 3-2 series lead
Luka Dončić singlehandedly outscored Paul George, James Harden and Russell Westbrook.
2h ago
Yahoo Sports
2024 NFL Draft grades for all 32 teams
While the Falcons baffled everyone, the defending champion Chiefs looked like champs again.
4d ago
Yahoo Sports
Wide receiver rankings for 2024 fantasy football
The Yahoo Fantasy football analysts reveal their first wide receiver rankings for the 2024 season.
2d ago
Yahoo Sports
The expanded 12-team College Football Playoff is here — and it already has problems
There is cause for excitement around the new playoff format. There's also lots of complaints and criticism to go around.
3d ago
Yahoo Sports
MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league
From the Braves to the Marlins, here's where all 30 teams stand after the season's first month.
1d ago
Yahoo Sports
Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46
The Seminoles lost 23-16 to Tennessee in the first-ever BCS title game.
11h ago
Autoblog
These are the most expensive vehicles to gas up
Consumer Reports found that the Toyota Tundra is the most expensive vehicle in America to gas up, with costs nearing $120 per tank.
1d ago
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
12h ago
Yahoo Sports
Korey Cunningham, former NFL lineman, found dead in New Jersey home at age 28
Cunningham played 31 games in the NFL with the Cardinals, Patriots and Giants.
6d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

This top parental control app has some serious security flaws

Deploying malware

Recommended Stories

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

CVS stock plunges after earnings numbers one analyst 'did not even believe'

The best RBs for 2024 fantasy football according to our experts

NFL Draft grades for all 32 teams | Zero Blitz

Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía

10 cars with paint problems, according to Consumer Reports

NBA playoffs: Luka Dončić leads Mavericks in blowout win over Clippers to take 3-2 series lead

2024 NFL Draft grades for all 32 teams

Wide receiver rankings for 2024 fantasy football

The expanded 12-team College Football Playoff is here — and it already has problems

MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league

Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46

These are the most expensive vehicles to gas up

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Korey Cunningham, former NFL lineman, found dead in New Jersey home at age 28