How my 13 yr old hacked parental controls - YOU NEED TO FIX

Cliff G. shared this idea 2 months ago
Under Consideration

My 13 yr old has figured out how to bypass parental controls. YOU NEED TO FIX THIS!!!

I set the parental control for my 13 yr old's ipad to only allow internet access for his user profile/device from 1:00 am to 1:15 am on Mondays. When he trys to go to a website he gets the error: "eBlocker Access has been denied." This error message includes three buttons: "Try again", "back", and "Configuration". If he selects "Configuration" he then sees the basic eblocker website with a window that says "Login to eBlocker Settings, Enter administrator password" , and two buttons "Forgot Password" and "Sign in".

If my 13 yr old selects the "Forgot Password" he is then prompted with the "Reset Administrator Password" window which includes the "Start Reset" button. If he selects the "Start Reset Button" and then disconnects power to the eBlocker and then reconnects power to the eBlocker he is presented with the normal password reset options, which he then does. Now he has full access to the eBlocker settings and changes his parental controls to whatever he wants.

As an aside, we locked the eBlocker in a vented metal computer cabinet (with a vent fan) so that my 13 yr old wouldn't be able to simply remove the power to the eBlocker by disconnecting the power cord, as he did initially. We thought we had protected the system by also putting our router in the same box, on the same power strip. Our thought was that if the eBlocker power was disconnected, it could only be done by killing power to the entire locked computer box, which would also kill power to the router, and thereby make it impossible for anyone to be on the wireless (internet) when the eblocker was off. Of course, the above hack only requires temporary removal of power to the eblocker.

I strongly suggest that you require any password resets for the eblocker to go through a registered email account with eblocker, as EVERYBODY ELSE ALREADY DOES. I'm very upset and disappointed that my eBlocker is effectively useless for the reason that I bought it: to restrict my kids internet usage.

One way or another, the admin ought to be the only one with password reset rights.

And by the way, you should also send me an email everytime the password is reset so that if I didn't do it, I know that something is going on with the eBlocker.

Comments (2)

photo
1

Thank you for your report suggestions.

We will rethink they way of a password reset.

photo
1

Perhaps it would be as simple as removing the "Configurations" button from the warning notice, at least for now? Then a more robust solution could be put in place at a later time?