Citizen Lab researchers have found that a South Korean child-monitoring smartphone app removed from market in 2015 because of security flaws was reissued under a new name and continues to put children at risk.
The Washington Post published an Associated Press report on the findings from Citizen Lab, which is located at U of T's Munk School of Global Affairs.
“South Korean authorities believe monitoring and censoring children’s smartphone use is part of the state’s duty to protect teenagers against harmful content such as pornography,” the article stated. “There is broad public support for the government to stop online behaviour that is deemed to be an addiction. The government spends public money to help users break habits of excessive computer gaming and Internet use.”
South Korea is the first jurisdiction in the world to require minors have content filtering applications installed on their mobile phones. One of the most popular child-monitoring apps was Smart Sheriff, which was developed by the Korean Mobile Internet Business Association (MOIBA) with extensive funding from South Korea's telecommunications regulatory body, according to Citizen Lab's latest report on the findings.
In 2015, the internet watchdog group first identified 26 security vulnerabilities with Smart Sheriff that could be used to collect sensitive information from users, take control of user accounts, and disrupt service operations. Following the report, MOIBA released a new version of the application, but it too was found to contain security flaws, at which point MOIBA removed Smart Sheriff from the market.
Citizen Lab says that Cyber Security Zone, which was released as a replacement to Smart Sheriff, is “in fact, a rebranded version of Smart Sheriff” and has many of the same security issues, leaving children's private information vulnerable to hackers.
“Our research shows that the Korean government has sponsored applications that fail to meet basic privacy and security standards, the functionality of the apps go beyond the requirements of the mandate, introducing privacy risks, and the vendor of the apps, MOIBA, has not been transparent with the Korean public about security and privacy issues,” the Citizen Lab report states.
The Associated Press reports that MOIBA has denied that the two systems are the same, and an official of the group said a review by the government found security was satisfactory with Cyber Security Zone.
Citizen Lab co-authored the report with Cure53, a German auditing firm, and civic group OpenNet Korea.