Paulina Okunytė reports:
KidSecurity, a popular parental control app that’s used to track children, has exposed its activity logs, leaving users’ private data in the hands of threat actors.
With more than a million downloads on Google Play, KidSecurity provides parents with services to track their children’s location, listen to the sounds around the child to ensure safety, and set gaming limits.
On September 16th, researchers discovered that the app failed to configure authentication for Elasticsearch and Logstash collections.
Elasticsearch and Logstash are commonly used tools for logs and event data analysis. Elasticsearch is employed to search, analyze, and visualize large volumes of data. Logstash is a data processing pipeline that collects, processes and forwards events and logs data.
Due to KidSecurity’s oversight, user activity logs were left publicly available to anyone on the internet for more than a month, according to estimates.
Read more at Cybernews.