Voice recordings from domestic violence alerting app exposed on the internet
On the face of it, it sounded like a good idea.
A smartphone app, disguised as a regular app delivering the top world, sports, and entertainment news, containing a secret feature that allows victims of domestic abuse to send a covert distress call for help at the touch of a button.
That was the idea behind the free Aspire News App, launched some years ago by When Georgia Smiled, a US non-profit founded by Robin McGraw and her husband US TV star “Dr Phil” to help victims of domestic violence and sexual assault.
To be honest, that still sounds like a good idea to me – if the app is coded well, and if any data it collects is properly secured.
But what isn’t a good idea is for voice recordings made by the app to be left exposed on an unsecured Amazon Web Services (AWS) S3 bucket, allowing anyone with internet access to download them and listen if they so wish.
According to security researchers at VPN Mentor, who found the exposed data, over 4,000 voice recordings of emergency messages left by victims of domestic violence were available to access – no password required.
Some of the 230MB worth of recordings included personally identifiable information such as names, home addresses, as well as the identities of violent abusers.
Transcripts of just two of the recordings that were exposed reveal the seriousness of the situation:
“[Full Name] is threatening or hurting me. Please send help now. [Full address]”
“Please call the police right away and have them come to [Full Address]. I am in great danger. I need you to send the police right away, please…”
Potentially, if the information fell into the wrong hands it could not only expose people who did not want the data revealed at the risk of extortion, but it could also put victims in greater physical danger if their abuser found out.
The researchers attempted to reach out to When Georgia Smiled and the Dr. Phil Foundation to get the serious data breach fixed last Wednesday, but ultimately it took the involvement of AWS itself to get the unsecured web bucket shut down.
So, that’s a happy end to the story, right?
Well, perhaps not.
You see, a security failure like this could lead to victims of domestic abuse losing confidence in Aspire News App. If they do not feel safe any longer using the app, they may find it harder to escape abusive relationships safely.
That clearly wasn’t what Dr Phil and his wife Robin McGraw wanted – the Aspire News app was supposed to help people escape dangerous situations, not make it even harder to find a way out.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
September 16, 2021
September 14, 2021