Re­searchers: New S. Korean child-mon­i­tor­ing app flawed

Orlando Sentinel - - NATION & WORLD - By Youkyung Lee and Raphael Sat­ter

SEOUL, South Korea — A South Korean child­mon­i­tor­ing smart­phone app that was re­moved from the mar­ket in 2015 af­ter it was found to be rid­dled with se­cu­rity flaws has been reis­sued un­der a new name but it still puts chil­dren at risk, re­searchers said.

The app “Cy­ber Se­cu­rity Zone” is part of gov­ern­ment ef­forts to curb what au­thor­i­ties con­sider ex­ces­sive cell­phone use by young peo­ple. Par­ents are re­quired by law to in­stall mon­i­tor­ing soft­ware on smart­phones for all chil­dren 18 and younger.

The app is al­most iden­ti­cal to a pre­vi­ous sys­tem, “Smart Sher­iff,” that left chil­dren’s pri­vate in­for­ma­tion vul­ner­a­ble to hack­ers, ac­cord­ing to in­ter­net watchdog Cit­i­zen Lab at the Univer­sity of Toronto. Both were de­vel­oped un­der the aus­pices of MOIBA, the in­dus­try as­so­ci­a­tion for South Korean cell­phone ser­vice providers.

“The flaws in the apps open the door to pos­si­ble breaches of sen­si­tive in­for­ma­tion in­clud­ing pass­words, phone num­bers, and other user data,” Cit­i­zen Lab said in a state­ment Mon­day.

“Smart Sher­iff” was one of a fam­ily of apps in­tended to mon­i­tor chil­dren’s online be­hav­ior. Some, like Smart Sher­iff, act as fil­ter­ing or block­ing tools, while oth­ers send alerts to par­ents if chil­dren swear or talk about sex or bul­ly­ing.

The apps have raised pri­vacy ac­tivists’ hack­les, but ex­perts have also been scathing about their lack of se­cu­rity. Cure53, a Ger­man au­dit­ing firm, said in 2015 that Smart Sher­iff was “fun­da­men­tally bro­ken.”

Cit­i­zen Lab and Cure53 now say the app ap­pears to have been re­branded as “Cy­ber Se­cu­rity Zone” — the equiv­a­lent of putting a fresh coat of paint on a dan­ger­ous old clunker.

“Users are be­ing mis­led,” said the Cit­i­zen Lab re­port.

MOIBA de­nied the two sys­tems were the same and an of­fi­cial of the group said a re­view by the gov­ern­ment’s Korean In­ter­net & Se­cu­rity Agency found se­cu­rity for “Cy­ber Se­cu­rity Zone” sat­is­fac­tory.

“We can­not agree to the opin­ion that the ap­pli­ca­tion was not de­vel­oped with se­cu­rity in mind,” said the of­fi­cial, Noh Yong-lae.

Noh said MOIBA cut ties with the de­vel­oper of “Smart Sher­iff” and hired an­other com­pany to up­date and de­velop apps.

KISA of­fi­cials who looked at the Cit­i­zen Lab re­port said their agency’s au­dit failed to catch at least one se­cu­rity lapse: the app’s de­vel­oper had not en­crypted a key to the pass­word.

“They should not have built the app this way,” said Kim Chan-il, a KISA man­ager. He said the gov­ern­ment and MOIBA should make sure to hire de­vel­op­ers who pay at­ten­tion to se­cu­rity and have enough time to build an app.

An au­dit by KISA “does not guar­an­tee se­cu­rity against all weak­nesses,” Kim said.

Rates of smart­phone and in­ter­net use in South Korea are among the world’s high­est. The gov­ern­ment op­er­ates fil­ters to block ac­cess to pro-North Korean web­sites and ma­te­rial deemed porno­graphic.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.