- #Life360 app for samsung full#
- #Life360 app for samsung verification#
- #Life360 app for samsung password#
- #Life360 app for samsung series#
Life360 did respond to each of the app store reviews that we found, directing users to their support team. Several users claimed that a hacker had logged in to their accounts and was able to view either their real-time locations, their marked places like their homes, or their loved ones’ real-time location. Life360 users have complained about unauthorized log-ins in multiple posts on social media and in reviews for the Life360 app in the Google Play and iOS app stores. “An app that’s dealing with child information that’s not at least offering multifactor, that’s straight-up negligence,” Jim Manico, the ASVS’s project manager said. In January, the company announced that it would stop selling precise location data (except to Allstate’s Arity) but would still supply aggregated location data to the company Placer AI. The Markup previously reported that Life360’s vast collection of location data made it one of the largest suppliers of raw data for the location data industry.
#Life360 app for samsung password#
The platform’s lax password policies, apparent lack of log-in attempt limits, and the absence of two-factor authentication is notable considering the sensitive nature of the precise, real-time location data it uses and the fact that children are among its users. The ASVS standard calls for allowing no more than 100 failed log-in attempts per hour on a single account. In both cases, Life360 never blocked future log-in attempts and immediately allowed access once we put in the correct password. We also did this test manually through the app with more than 100 failed attempts with the wrong password followed by a successful attempt with the correct password. It allowed us to log in when we entered the correct password on the 501st attempt. In addition we host a bug bounty program and run ongoing penetration testing,” said Chris Robertson, head of security and cloud operations for Life360, in an emailed statement to The Markup.įor one of the tests, we set up a script that attempted to log in to one of our accounts on Life360’s website using incorrect passwords more than 500 times in just over 16 minutes (after checking an initial checkbox labeled “I am human”). We have a highly experienced security team and conduct both internal and external audits of our platform.
#Life360 app for samsung series#
“We strongly disagree with the implied accusations in your series of questions.
#Life360 app for samsung full#
You can see the full results of our testing here. We found the app notified users about log-ins from multiple devices and password reset requests but not when the account’s email address, phone number, or password were changed. Life360 partially passed two additional tests that check if a user is notified about account changes. Life360 did pass 11 other of the ASVS tests-for example we verified that users are able to change their password and can use passwords of more than 64 characters. We found that Life360’s app failed to pass six of the 19 tests we were able to conduct for important security features such as limiting failed log-in attempts and verifying that passwords are checked against a set of breached credentials.
#Life360 app for samsung verification#
The organization’s Application Security Verification Standard (ASVS) is a voluntary industry guideline and also closely follows the National Institute of Standards and Technology’s (NIST) Digital Identity Guidelines, which are federal standards for user authentication. The Markup tested the Life360 app against a series of standards published by the Open Web Application Security Project (OWASP), a nonprofit foundation that promotes app security standards. Through a series of tests, we found that Life360 doesn’t provide several basic security measures to thwart potential hackers, including limiting failed log-in attempts and providing two-factor authentication for accounts. The app shares real-time location among group members as well as marked locations such as homes and workplaces.
The service, used by more than 35 million people in 140 countries, is a location tracking app for families to keep tabs on their loved ones’ whereabouts. The family safety app Life360 doesn’t have some standard guardrails to prevent a hacker from taking over an account and accessing sensitive information, The Markup has found. Former employees said Life360 executives knew about security gaps
0 kommentar(er)
