Parental Control App Vulnerable To Cross-Site Scripting Attacks

A researcher with cybersecurity firm Tripwire has discovered a vulnerability in the popular parental control app Canopy. According to the researcher, the app is vulnerable to a variety of cross-site scripting (XSS) attacks. The attacks could range from a sneaky kid disabling the monitoring to a much more serious third-party attack delivering malware to parental users.

Yariv Shivek, VP of Product at Neosec, had this to say about the app and related vulnerabilities:

     “This attack uses cross site scripting (XSS) leading to account takeover. As a security-minded vendor (Canopy), being able to detect that certain “parents” are using the app suspiciously is a question of firstly monitoring app usage at all, and secondly – monitoring it with behavioral analytics.”

     “Of course preventing the XSS vulnerability in the first place would be better, but no security control is perfect, and that’s why security practitioners have used defense in depth from time immemorial.”

Let’s see if the makers of Canopy fix this. If they don’t, parents should abandon this app very, very quickly.
