Skip to main content

Family tracking app leaked real-time location data for weeks

Image result for Family tracking apps
Family tracking apps can be very helpful if you're worried about your kids or spouse, but they can be nightmarish if that data falls into the wrong hands. Security researcher Sanyam Jain has revealed to TechCrunch that React Apps' Family Locator left real-time location data (plus other sensitive personal info) for over 238,000 people exposed for weeks in an insecure database. It showed positions within a few feet, and even showed the names for the geofenced areas used to provide alerts. You could tell if parents left home or a child arrived at school, for instance.
This wasn't helped by React's own issues with accountability. Its site had no contact information, and even its WHOIS record masked the email address. Messages through the feedback form turned up nothing. The database didn't go offline until TechCrunch asked Microsoft to reach the developer, who still hasn't said anything about the leak.
It's not clear if anyone beyond Jain or TechCrunch accessed the database.
While the data is safe for now, the incident illustrates a problem with tracking apps as a whole: it's difficult to verify that developers are securing your location info every step of the way. If they don't and there's a breach, it could lead to very real threats that could include physical danger.
Source: TechCrunch

Comments

Popular posts from this blog

Facebook: Our AI failed to catch the New Zealand shooter video

Prime Minister Jacinda Ardern speaks to the house at Parliament on March 19, 2019 in Wellington, New Zealand. London (CNN) Facebook acknowledges its systems failed to catch the livestream video of the New Zealand mosque attack, shedding new light on how the company became aware of the video. In a  blog post late Wednesday evening  the social media company's vice president of integrity, Guy Rosen, wrote that the shooter's video did not trigger Facebook's automatic detection systems because its artificial intelligence did not have enough training to recognize that type of video. The shooter livestreamed 17 minutes of the horrific attack -- which left 50 people dead -- on Facebook. Facebook said when the video was live, fewer than 200 people watched it. The video was later viewed 4,000 times before Facebook took it down. The company hasn't said exactly when it removed the shooter's video. Since the attack, the video has been downloaded and re-uploaded ...