TeenSafe, a texting monitor app for parents, has leaky servers
A UK-based security researcher has found two unprotected servers on Amazon Web Services belonging to texting monitor app TeenSafe. At least one server was shut down when ZDNet told TeenSafe what it knew.
Robert Wiggins found the vulnerability and passed it along to the publication. Data on one server is believed to have been generated from tests. The other server contained not just the email addresses of parents signed on with TeenSafe, but also the child’s device serial identifier, the Apple ID email address and the plain-text password. ZDNet was able to verify a small sample of them. 10,200 such records were found, though some were duplicates. No message content was found; error codes were found pertaining to issues like lost GPS location.
It’s not known whether other servers are currently as easily exposed. The company claims to serve at least 1 million clients and also claims to encrypt the data it receives. It has Android and iOS apps and does operate under two-factor authentication.
“We have taken action to close one of our servers to the public and begun alerting customers that could potentially be impacted,” said a TeenSafe spokesperson. The company will “provide additional information” at the earliest availability.