It allowed us to log in when we entered the correct password on the 501st attempt. In addition we host a bug bounty program and run ongoing penetration testing,” said Chris Robertson, head of security and cloud operations for Life360, in an emailed statement to The Markup.įor one of the tests, we set up a script that attempted to log in to one of our accounts on Life360’s website using incorrect passwords more than 500 times in just over 16 minutes (after checking an initial checkbox labeled “I am human”). We have a highly experienced security team and conduct both internal and external audits of our platform. “We strongly disagree with the implied accusations in your series of questions.
#Life360 app hack full
You can see the full results of our testing here. We found the app notified users about log-ins from multiple devices and password reset requests but not when the account’s email address, phone number, or password were changed. Life360 partially passed two additional tests that check if a user is notified about account changes. Life360 did pass 11 other of the ASVS tests-for example we verified that users are able to change their password and can use passwords of more than 64 characters. We found that Life360’s app failed to pass six of the 19 tests we were able to conduct for important security features such as limiting failed log-in attempts and verifying that passwords are checked against a set of breached credentials.
#Life360 app hack verification
The organization’s Application Security Verification Standard (ASVS) is a voluntary industry guideline and also closely follows the National Institute of Standards and Technology’s (NIST) Digital Identity Guidelines, which are federal standards for user authentication. The Markup tested the Life360 app against a series of standards published by the Open Web Application Security Project (OWASP), a nonprofit foundation that promotes app security standards. Through a series of tests, we found that Life360 doesn’t provide several basic security measures to thwart potential hackers, including limiting failed log-in attempts and providing two-factor authentication for accounts. The app shares real-time location among group members as well as marked locations such as homes and workplaces. The service, used by more than 35 million people in 140 countries, is a location tracking app for families to keep tabs on their loved ones’ whereabouts. The family safety app Life360 doesn’t have some standard guardrails to prevent a hacker from taking over an account and accessing sensitive information, The Markup has found. Former employees said Life360 executives knew about security gaps
0 kommentar(er)
