In early February, a team of researchers discovered a configuration flaw in a group of servers associated with the database of a parental control app, KidSecurity. The data was accessible for more than a year. With close to a million downloads, The app allows parents to track the location of children, control digital interactions and listen to the device's microphone under control.
It's not the first time something similar has happened to them. One year ago, An error in the authentication procedure caused a leak of some 300 Millions of records with data including messages, Names, IP addresses… On this occasion, data has been leaked from GPS locations and related to the specifications that identify it with the phone where the application is installed.
Surprisingly, The way to access sensitive information is to directly access the database system used by the application. Whereupon, With access to the system, you give access to the information transmitted by the application. The researchers received a 456.000 messages during an hour of observation in their investigations.
Fountain: Cybernews