Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App

Kiddoware is the world’s leading parental control solutions company with a wide range of products and  serving over 5 million families worldwide. Kiddoware is committed in helping you to protect your kids while providing you intelligence to be proactive about your childs’ online activities.

Earlier this week, SEC Consult Group identified numerous security flaws in a parental control app called Kids Place, which allowed hackers to access login credentials, send files to a child’s device without parental knowledge, or install malware onto the system. These bad actors were even able to remove all restrictions set on the device and bypass any settings established by the parent.

Dr Klaus Schenk, SVP security and threat research at Verimatrix, commented “The vulnerabilities found in the Kiddowares ‘Parental Control – Kids Place’ app for Android underscores the critical importance of prioritising cybersecurity in both the architecture and design of web servers and applications. The root cause lies in the neglect of basic development principles, highlighting the significance of adhering to secure coding practices.

“Developers should follow reputable security frameworks and cybersecurity tools to support them in building secure applications.

“Prevention tactics include:

  • Thorough security scans and adherence to fundamental principles (e.g., password hashing)
  • Applying security scanning to their web design (e.g., security headers assessment, SSL/TLS configuration audit)
  • Applying app hardening and threat detection technologies to monitor/analyse the app’s functionalities to prevent or flag suspicious behaviours

“The vulnerabilities uncovered in the Kiddowares app are a clear-cut indication that integrating robust security measures at every stage of the app development process in a must. By prioritising security in architecture, design, and development, organisations can protect user data, prevent unauthorised access, and uphold the trust of their users.”