Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-plugin-hostgator domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the ol-scrapes domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114

Warning: Cannot modify header information - headers already sent by (output started at /home4/scienrds/scienceandnerds/wp-includes/functions.php:6114) in /home4/scienrds/scienceandnerds/wp-includes/rest-api/class-wp-rest-server.php on line 1893

Warning: Cannot modify header information - headers already sent by (output started at /home4/scienrds/scienceandnerds/wp-includes/functions.php:6114) in /home4/scienrds/scienceandnerds/wp-includes/rest-api/class-wp-rest-server.php on line 1893

Warning: Cannot modify header information - headers already sent by (output started at /home4/scienrds/scienceandnerds/wp-includes/functions.php:6114) in /home4/scienrds/scienceandnerds/wp-includes/rest-api/class-wp-rest-server.php on line 1893

Warning: Cannot modify header information - headers already sent by (output started at /home4/scienrds/scienceandnerds/wp-includes/functions.php:6114) in /home4/scienrds/scienceandnerds/wp-includes/rest-api/class-wp-rest-server.php on line 1893

Warning: Cannot modify header information - headers already sent by (output started at /home4/scienrds/scienceandnerds/wp-includes/functions.php:6114) in /home4/scienrds/scienceandnerds/wp-includes/rest-api/class-wp-rest-server.php on line 1893

Warning: Cannot modify header information - headers already sent by (output started at /home4/scienrds/scienceandnerds/wp-includes/functions.php:6114) in /home4/scienrds/scienceandnerds/wp-includes/rest-api/class-wp-rest-server.php on line 1893

Warning: Cannot modify header information - headers already sent by (output started at /home4/scienrds/scienceandnerds/wp-includes/functions.php:6114) in /home4/scienrds/scienceandnerds/wp-includes/rest-api/class-wp-rest-server.php on line 1893

Warning: Cannot modify header information - headers already sent by (output started at /home4/scienrds/scienceandnerds/wp-includes/functions.php:6114) in /home4/scienrds/scienceandnerds/wp-includes/rest-api/class-wp-rest-server.php on line 1893
{"id":8413,"date":"2022-06-22T14:44:10","date_gmt":"2022-06-22T14:44:10","guid":{"rendered":"https:\/\/scienceandnerds.com\/2022\/06\/22\/daycare-monitoring-apps-are-dangerously-insecure-report-finds\/"},"modified":"2022-06-22T14:44:12","modified_gmt":"2022-06-22T14:44:12","slug":"daycare-monitoring-apps-are-dangerously-insecure-report-finds","status":"publish","type":"post","link":"https:\/\/scienceandnerds.com\/2022\/06\/22\/daycare-monitoring-apps-are-dangerously-insecure-report-finds\/","title":{"rendered":"Daycare monitoring apps are \u2018dangerously insecure,\u2019 report finds"},"content":{"rendered":"

Source: https:\/\/www.theverge.com\/2022\/6\/21\/23177265\/daycare-apps-dangerously-insecure-eff-brightwheel-tadpole-himama<\/a>
\n
<\/br><\/code><\/p>\n

\n

Popular daycare and childcare communications apps are \u201cdangerously insecure,\u201d according to newly published research, exposing children and parents to the risk of data breaches with lax security settings and permissive or outright misleading privacy policies.<\/p>\n

The details come from a new report from the Electronic Frontier Foundation (EFF), which published the results of a months-long research project<\/a> on Tuesday.<\/p>\n

The research, conducted Alexis Hancock, EFF\u2019s director of engineering for the Certbot<\/a> project, found that popular apps like Brightwheel, HiMama, and Tadpoles lacked two-factor authentication (2FA), meaning that any malicious actor who was able to obtain a user\u2019s password could log in remotely. Further analysis of application code revealed a number of other privacy-compromising features, including data sharing with Facebook and other third parties, that were not disclosed in privacy policies.<\/p>\n

After being contacted by the EFF, Brightwheel implemented 2FA and claims to be<\/a> \u201dthe first in the early education industry to add this extra layer of security.\u201d HiMama reportedly said that it would pass on the feature request to its design team but has not yet implemented the additional security feature. It is not known whether Tadpoles has an intention to implement 2FA.<\/p>\n

\n <\/p>\n

<\/p>\n\"\"<\/p>\n

<\/source><\/picture>\n

<\/span><\/p>\n

<\/span><\/p>\n

Network traffic analysis shows the Tadpoles app sending user event data to Facebook.<\/em><\/figcaption>Image: EFF<\/cite><\/p>\n

<\/span><\/p>\n<\/figure>\n

Hancock started researching the privacy and security settings of various daycare apps after being asked to download Brightwheel when enrolling her two-year-old daughter in daycare for the first time. Hancock told The Verge<\/em> that she initially enjoyed using the app to receive updates about her daughter but became concerned about a lack of security given the potentially sensitive nature of the information. <\/p>\n

\u201cAt first there was a lot of comfort in seeing [my daughter] during the day, with the images they were sending me\u201d Hancock said. \u201cThen I was looking at the app like, huh, I don\u2019t really see security controls I would normally see in most services like this.\u201d<\/p>\n

With a background in software development, Hancock was able to use a range of tools like Apktool<\/a> and mitmproxy<\/a> to analyze the application code and investigate network calls being made by each of the childcare apps, and she was surprised to find a number of easily fixable errors.<\/p>\n

\u201cI found trackers in a few apps. I found weak security policy, weak password policies,\u201d Hancock said. \u201cI found vulnerabilities that were very easy to fix as I went through some of the applications. Really just low hanging fruit.\u201d<\/p>\n

\n