Motherboard recently reported that a company [Family Orbit] that is selling spyware to parents to keep track of their children has been hacked. As a result, the pictures of hundreds of monitored children were leaked online, protected only by an easy-to-guess password, a hacker claims.
Hacker Breaches Spyware App Family Orbit, Leaks Photos of Kids Online
As explained by the media, the hacker, who is known for having hacked spyware maker Retina-X and for wiping its servers not once but twice, said he was able to find the key to the cloud servers of Family Orbit, a company that that markets itself as “the best parental control app to protect your kids.” What is mostly concerning is that 1) the servers contained the photos intercepted by the spyware, and 2) the company has already confirmed the breach.
The hacker claims that he had all the photos uploaded from the phones of children being monitored. But there were also screenshots of the developer’s desktops exposing passwords and other highly sensitive details.
What is the result of the breach?
The company left exposed 3,836 containers on Rackspace with 281 gigabytes of pictures and videos, the hacker said. The hacker shared screenshots showing he had access to the folders.
Unfortunately, Motherboard verified the breach after the hacker shared a sample of users with them. The media confirmed that those were active users by attempting to register to the service using the very same email addresses. Furthermore, Family Orbit also confirmed that the API key is stored encrypted in the app, and that they have observed some unusual bandwidth in their cloud storage.
The company quickly changed the API key and login details, and also took down the services until the vulnerabilities are fixed accordingly.
This breach is yet another incident involving “legal spyware” apps and services, such as FlexiSpy, FlexiSpy, Retina-X, TheTruthSpy, Mobistealth, Spy Master Pro, Spyfone and SpyHuman. These breaches should serve as a warning to parents, and should also highlight the unethical side of using spyware against people, be it your kid, spouse, or friend.
More about Family Orbit
Curiously enough, the app, which is compatible with both Android and iOS, is advertised as “the best parental control app to protect your kids”. The app offers the following features:
- Monitoring children’s phone activities;
- Locating the child on a real-time map;
- Locking or unlocking the child’s device instantly;
- Blocking dangerous apps and websites.
Spyware apps aside, IoT toys have also proven to be a liability that can expose children’s personal details. In 2017, 2 million voice recordings of children and parents, together with e-mail addresses and passwords belonging to 800,000 accounts were exposed due to insecure Internet-connected stuffed animal toys.