Betrayed by the Guardian: Security and Privacy Risks of Parental Control Solutions

TL;DR

This paper systematically evaluates the security and privacy risks of various parental control solutions across multiple platforms, revealing widespread vulnerabilities that could compromise user privacy and safety.

Contribution

It introduces a novel experimental framework for comprehensive security and privacy analysis of parental control tools across diverse platforms.

Findings

Widespread security vulnerabilities found in parental control solutions

Potential for privacy leaks and full control by adversaries

Risks of aiding cyberbullying and cyber predators

Abstract

For parents of young children and adolescents, the digital age has introduced many new challenges, including excessive screen time, inappropriate online content, cyber predators, and cyberbullying. To address these challenges, many parents rely on numerous parental control solutions on different platforms, including parental control network devices (e.g., WiFi routers) and software applications on mobile devices and laptops. While these parental control solutions may help digital parenting, they may also introduce serious security and privacy risks to children and parents, due to their elevated privileges and having access to a significant amount of privacy-sensitive data. In this paper, we present an experimental framework for systematically evaluating security and privacy issues in parental control software and hardware solutions. Using the developed framework, we provide the first comprehensive study of parental control tools on multiple platforms including network devices, Windows applications, Chrome extensions and Android apps. Our analysis uncovers pervasive security and privacy issues that can lead to leakage of private information, and/or allow an adversary to fully control the parental control solution, and thereby may directly aid cyberbullying and cyber predators.