Parental Control App Vulnerable To Cross-Site Scripting Attacks

A researcher with cybersecurity firm Tripwire has discovered a vulnerability in the popular parental control app Canopy. According to the researcher, the app is vulnerable to a variety of cross-site scripting (XSS) attacks. These could range from a sneaky kid disabling the monitoring to a much more serious third-party attack delivering malware to parental users.

Yariv Shivek, VP of Product at Neosec, had this to say about the app and related vulnerabilities:

     “This attack uses cross site scripting (XSS) leading to account takeover. As a security-minded vendor (Canopy), being able to detect that certain “parents” are using the app suspiciously is a question of firstly monitoring app usage at all, and secondly – monitoring it with behavioral analytics.”

     “Of course preventing the XSS vulnerability in the first place would be better, but no security control is perfect, and that’s why security practitioners have used defense in depth from time immemorial.”

Let’s see if the makers of Canopy fix this. If they don’t, parents should abandon this app very, very quickly.
