Daycare apps may expose children, parents to data breach risk: Report


San Francisco, Jun 22 (IANS): Popular daycare and childcare communication applications are "dangerously insecure", according to a recent analysis, and may put kids and parents at risk for data breaches.

According to a report by the non-profit group, Electronic Frontier Foundation (EFF), popular apps including Brightwheel and HiMama lacked two-factor authentication (2FA), making it possible for any malicious actor with access to a user's password to log in remotely.

Meanwhile, in a reply to the organisation, Brightwheel said that it was rolling out 2FA for all admins and parents and claimed that they were the "1st partner to offer this level of security" in the industry.

"Looking at a number of popular daycare and early education apps, we quickly found more issues than just the lack of 2FA," the organisation said in a report.

"Through static and dynamic analysis of several apps, we uncovered not just security issues but privacy-compromising features as well. Issues like weak password policies, Facebook tracking, cleartext traffic enabled, and vectors for malicious apps to view sensitive data," it added.

As per the organisation, another common trend in many daycare apps is relying on cloud services to convey their security posture. These apps often state they use "the cloud" to provide top-of-the-line security.

"It is crucial that the companies that create these applications do not ignore common and easily-fixed security vulnerabilities," the organisation said.

"Giving parents and schools proper security controls and hardening application infrastructure should be the top priority for a set of apps handling children's data, especially the very young children served by the daycare industry," it added.

The organisation said it calls on all of these services to prioritise the basic protections and guidelines that include making 2FA available for all Admins and Staff, and addressing known security vulnerabilities in mobile applications, among others.

"Those fixes would create a significantly safer and more private environment for data on children too young to speak for themselves. But there is always more that can be done to create apps that create industry benchmarks for child privacy," the organisation said.

 

  

Top Stories


Leave a Comment

Title: Daycare apps may expose children, parents to data breach risk: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.