A CHILD MONITORING COMPANY is mad as heck at a security researcher for highlighting a security problem without asking its consent first. Or something.
The company in question is uKnowkids and its target is a chap called Chris Vickery, a security researcher. His crime? Security research.
uKnowKids.com is a kind of virtual Mary Poppins. It does not put children in danger, like Mary Poppins, but it does look out for them and keep an eye on what they do by monitoring their communications and stuff.
We imagine that in some circumstance it has got some children in trouble. This week it is getting an older person in trouble, and accusing a security researcher of hacking as opposed to security researching.
Vickery is an established face in the industry, and we last met him when we attempted to cover something to do with MongoDB. Vickery reported that uKnowkids was using a mis-installed incidence of the database and that this left a large number of children and their data open to abuse.
uKnowKids did not exactly thank him for his efforts. Rather it got on a chair and started barking at him via a blog post. Vickery is thanked, but not thanked, if you get us.
"It is with significant personal regret that I share with you the news that uKnow had a private database repeatedly breached by a hacker using two different IP addresses on February 16, 2016 and February 17, 2016," says the blog by Steve Woda, CEO of uKnow and uKnowKids.
"The hacker claims to be a ‘white hat' hacker, which means he tries to obtain unauthorised access into private systems for the benefit of the ‘public good'. Although we do not approve of his methods because it unnecessarily puts customer data and intellectual property at risk, we appreciate his proactive, quick notification as it was helpful to our team."
uKnowKids isn't quite ready to accept the researcher's credentials or his findings, and said that it will return to the subject once it has completed its investigations. If we were betting people we would lay good money on Vickery not being asked to any uKnow parties in the future, at least not by Woda.
"uKnowKids was built by parents hoping to help other parents protect their kids with the same knowledge and tools that we have created to protect our own families," Woda added.
"If there is one lesson that has been reinforced for us with this hacker's data breach, it is this: there are bad actors out there on the internet and in our digital world that seek to exploit the vulnerabilities of our kids, our families and our organisations for their personal benefit."
"In violation of the Children's Online Privacy Protection Act uKnowKids.com gave public access to over 6.8 million private text messages, nearly two million images (many depicting children) and more than 1,700 detailed child profiles. This includes first and last names, email addresses, dates of birth, GPS coordinates, social media access credentials and more," he wrote.
"The uKnowKids child tracking platform claims to make ‘parenting easier and keep kids safe online'. However, earlier this month I discovered they were doing just the opposite. One of the uKnowKids databases was configured for public access, requiring no level of authentication or password and providing no protection at all for this data."
Vickery added that things took a forceful turn during communications with Woda and he was encouraged not to share his findings. µ
Pre-orders to begin on 9 September with release to follow on 16 September
Bunch of absolute DDoSers
You really, really, really can't say you weren't warned, like, a billion times
Where is your browser ballot now, citizen?