A domestic violence prevention app backed by Dr. Phil exposed victims’ distress recordings

[InfoSec News <alerts () infosecnews org>]

https://techcrunch.com/2020/06/25/aspire-app-dr-phil/

By Zack Whittaker
TechCrunch.com
June 25, 2020

Back in 2013, Robin McGraw, wife of U.S. television personality Dr. Phil, 
launched an app to help domestic violence victims covertly signal for 
distress. It was quickly heralded as a potential lifesaver for those in 
harm’s way.

Aspire News, which claims over 300,000 downloads, is disguised to look 
like an innocuous news reading app that domestic violence victims can use 
to alert friends and family to abuse or danger. When a victim taps the top 
bar of the app three times, the app can alert trusted contacts with a 
prewritten message, a prerecorded voice note and the victim’s precise 
location by text message to indicate that they need help or are in danger.

But a security lapse meant that those uploaded voice recordings were left 
exposed on an unprotected cloud server for anyone to access.

Security researchers Noam Rotem and Ran Locar found the exposed recordings 
and reported the incident. The database was pulled offline shortly after. 
Rotem and Locar shared their findings exclusively with TechCrunch.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_