Parental Control App Vulnerable To Cross-Site Scripting Attacks
A researcher with cybersecurity firm Tripwire has discovered a vulnerability in the popular parental control app Canopy. The app is vulnerable to a variety of cross-site scripting (XSS) attacks, according to the researcher. The attacks could range from a sneaky kid disabling the monitoring to a much more serious third-party attack delivering malware to parental users.
Yariv Shivek, VP of Product at Neosec, had this to say about the app and related vulnerabilities:
“This attack uses cross site scripting (XSS) leading to account takeover. As a security-minded vendor (Canopy), being able to detect that certain “parents” are using the app suspiciously is a question of firstly monitoring app usage at all, and secondly – monitoring it with behavioral analytics.”
“Of course preventing the XSS vulnerability in the first place would be better, but no security control is perfect, and that’s why security practitioners have used defense in depth from time immemorial.”
Let’s see if the makers of Canopy fix this. If they don’t, parents should abandon this app very, very quickly.
This entry was posted on October 7, 2021 at 9:00 am and is filed under Commentary.