Family tracking app breach may have let hackers track children's positions

  • A popular app used by families to keep track of their childrens' locations was found to be running an open database with no security, potentially giving hackers access to detailed location data on children.

    In our modern digital age, families are increasingly giving their children access to smartphones and tablets at earlier ages. A smartphone can ensure children are always able to be contacted and help keep them safe, and some parents have taken things one step further by installing a tracking app on their kids' phones to keep tabs on their location in realtime.

    TechCrunch now reports that one of these apps may have been subject to a very serious data breach. The app Family Locator by Australian firm React Apps allowed parents to track their children's phones on a live map and set up notifications when they entered or left certain areas, such as when they leave their school's grounds or get home.

    It now looks like React Apps was storing this information in a completely unprotected database with absolutely no security built in. Anyone who knew the address for the database could read any user's data, which included each user's name, email address, a photo, and their password stored in plaintext. A history of each parent and child's location was also stored in the database.

    No authentication or encryption were used in the database, which is the bare minimum required to secure a user login system. Nobody knows how long the database was lying open to the public like this or who may have accessed it, but hackers could potentially have harvested detailed location data on anyone who used the Family Locator app or used it to track children in realtime.

    TechCrunch reports that it attempted to track down the app's developer for weeks and even bought the business's official records from the Australian Securities & Investments Commission, but could find no information other than the owner's name: Sandip Mann Singh. TechCrunch eventually contacted Microsoft to inform them of the open database being stored on their Azure platform, and Microsoft promptly took the database offline.

    Source: TechCrunch

    About the author

    An article that is attributed to Sync NI Team has either involved multiple authors, written by a contributor or the main body of content is from a press release.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

Share this story