Rogue Korean child-monitoring app is back, researchers say

September 11, 2017 by Youkyung Lee And Raphael Satter
In this May 15, 2015 file photo, a promotional banner of mobile apps that block harmful contents, is posted on the door at a mobile store in Seoul, South Korea. The banner reads: "Young smartphone users, you must install apps that block harmful content." A South Korean child-monitoring smartphone app that was removed from the market in 2015 after it was found to be riddled with security holes has been reissued under a new name and puts children at risk, researchers said Monday, Sept. 11, 2017. (AP Photo/Lee Jin-man, File)

A South Korean child-monitoring smartphone app that was removed from the market in 2015 after it was found to be riddled with security flaws has been reissued under a new name and still puts children at risk, researchers said Monday.

The app "Cyber Security Zone" is part of efforts to curb what authorities consider excessive cellphone use by young people. Parents are required by law to install monitoring software on smartphones for all children 18 and under.

The app is almost identical to a previous system, "Smart Sheriff," which left children's private information vulnerable to hackers, according to Internet watchdog Citizen Lab at the University of Toronto. Both were developed under the auspices of MOIBA, the industry association for South Korean cellphone service providers.

"The flaws in the apps open the door to possible breaches of sensitive information including passwords, phone numbers, and other user data," Citizen Lab said in a statement.

"Smart Sheriff" was intended to send alerts to parents if children swore or talked about sex, bullying or feeling depressed. But experts were scathing about its lack of . Cure53, a German auditing firm, called the program "fundamentally broken."

Citizen Lab and Cure53 say the app appears to have been rebranded as "Cyber Security Zone"—the equivalent of putting a fresh coat of paint on a dangerous old clunker.

"Users are being misled," said the Citizen Lab report.

MOIBA denied the two systems were the same and an official of the group said a review by the government's Korean Internet & Security Agency found security for "Cyber Security Zone" satisfactory.

"We cannot agree to the opinion that the application was not developed with security in mind," said the official, Noh Yong-lae.

Noh said MOIBA cut ties with the developer of "Smart Sheriff" and hired another company to update and develop apps.

KISA officials who looked at the Citizen Lab report said their agency's audit failed to catch at least one security lapse: the app's developer had not encrypted a key to the password. That stemmed from the app's design.

"They should not have built the app this way," said Kim Chan-il, a KISA manager. He said the government and MOIBA should make sure to hire developers who pay attention to security and have enough time to build an app.

An audit by KISA "does not guarantee security against all weaknesses," Kim said.

Rates of smartphone and internet use in South Korea are among the world's highest. The government operates filters to block access to pro-North Korean websites and material deemed pornographic.

South Korean authorities believe monitoring and censoring children's smartphone use is part of the state's duty to protect teenagers against harmful content such as pornography.

There is broad public support for the government to stop online behavior that is deemed to be an addiction. The government spends public money to help users break habits of excessive computer gaming and internet use.

The backlash to "Smart Sheriff" prompted the government to ease enforcement by proposing a bill in parliament that would allow parents to opt out of installing a monitoring device.

The proposal "shows the government acknowledges its original position was wrong, but it's not enough," said Kelly Kim, general counsel at OpenNet Korea, a civic group, who co-authored the Citizen Lab report. "The mandate is unconstitutional and should be abolished."

The child surveillance apps are part of a "clean internet" campaign launched by the government with MOIBA since 2013. MOIBA received nearly 963 million won ($853,000) this year for the campaign.

The South Korean telecom regulator, Korea Communications Commission, has promoted the two apps developed by MOIBA among teachers, parents and students.

Despite that, the app has received many negative reviews. The children's version has been downloaded about 6,000 times and the parent version about 30,000 times.

A commission official, Kwon Man-sub, said if new security risks are found, the government is willing to review them.

"By law, we have a duty to protect juveniles," Kwon said.

Explore further: South Korea pulls plug on child monitoring app

Related Stories

South Korea pulls plug on child monitoring app

November 1, 2015

The most widely used child surveillance app in South Korea is being quietly pulled from the market after security specialists raised serious concerns about the program's safety.

South Korea considers opt out for child monitoring app

November 20, 2015

South Korea is deciding whether it will allow parents to opt out of installing a monitoring app on their children's smartphones following criticism the system encourages a surveillance culture and has security flaws.

APNewsBreak: South Korea-backed app puts children at risk

September 21, 2015

Security researchers say they found critical weaknesses in a South Korean government-mandated child surveillance app—vulnerabilities that left the private lives of the country's youngest citizens open to hackers.

US blames North Korea for series of cyberattacks

June 14, 2017

U.S. officials are blaming the North Korean government for a series of cyberattacks dating to 2009 against media, aerospace, financial sectors and infrastructure in the United States and around the world.

South Korea beefs up cyber security

July 4, 2013

South Korea on Thursday said it would double its cyber-security budget and train 5,000 experts amid growing concern over its vulnerability to attacks it blames on North Korea.

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.