成人抖阴

Help fund stories like this.

Updated, Sept. 28

A student monitoring company that thousands of schools used during remote and hybrid learning to ensure students were on task may have inadvertently exposed millions of kids to hackers online, according to a report released Monday by the security software company McAfee Enterprise.

The , conducted by the company’s Advanced Threat Research team, discovered the bug in the software, which is used by some 3 million teachers and students across 9,000 school systems globally, including in the U.S. The software allows teachers to monitor and control how students use school-issued computers in real time, block websites and freeze their computer screens if they鈥檙e found to be off task.

This is the second time in less than a year that McAfee researchers have found vulnerabilities in Netop鈥檚 education software 鈥� glitches that to gain control over students鈥� computers, including their webcams and microphones. It鈥檚 unclear whether the software had been breached by anyone other than the researchers. In a $4 billion deal over the summer, McAfee Corp. sold off the business-focused McAfee Enterprise to focus on consumer cybersecurity.

鈥淭his speaks to the power of responsible disclosure and 鈥榖eating the bad guys to the punch鈥� in terms of providing vendors insights to the flaws in their products and an appropriate time period to produce fixes,鈥� Doug McKee, McAfee鈥檚 principal engineer and senior security researcher, and Steve Povolny, the company鈥檚 head of advanced threat research, said in an emailed statement.

鈥淲e do believe this bug is highly likely to be exploitable, and a determined attacker may be able to leverage the attack鈥� to breach the system.

Netop, which bills its products as a way to 鈥渒eep students on task, no matter where class is held,鈥� did not immediately respond to requests for comment.

While the research comes as many U.S. students return to classrooms for in-person learning, cyberattacks targeting K-12 school districts 鈥� already an issue before the pandemic 鈥� have worsened throughout it. In the last month, educational organizations were , according to Microsoft Security Intelligence. In fact, educational organizations accounted for nearly two-thirds of such attacks globally. Publicly disclosed computer attacks against schools in 2020.

To conduct the research, McAfee relied on a free trial of Netop to analyze the program鈥檚 underlying code using an automated testing technique called 鈥渇uzzing,鈥� in which they provided the software with malformed data to cause a crash. As a result, they found a bug in the way the program transmits digital images of students鈥� screens to teachers that could be exploited to attack children with malware, ransomware, collect their personal information or to access the computers鈥� webcams.

In March, that allowed hackers to 鈥済ain full control over students’ computers.鈥� Among the issues, researchers discovered that communications between teachers and students through the service were unencrypted, meaning they weren鈥檛 protected by a code that blocks unauthorized access.

In a blog post, McAfee explained how the , noting that while the company鈥檚 monitoring software 鈥渕ay seem like a viable option for holding students accountable in the virtual classroom, it could allow a hacker to spy on the contents of the students鈥� devices.鈥�

鈥淚f a hacker is able to gain full control over all target systems using the vulnerable software, they can equally bridge the gap from a virtual attack to the physical environment,鈥� the blog post explained. 鈥淭he hacker could enable webcams and microphones on the target system, allowing them to physically observe your child and their surrounding environment.鈥�

Multiple education technology companies have experienced hacks and other digital vulnerabilities during the pandemic. In July 2020, for example, , which provides a live proctoring service to help prevent cheating, and published the personal information of more than 444,000 students to an online forum.

Privacy and civil rights groups have raised concerns for years about the risks posed by student surveillance tools, including issues related to cybersecurity and privacy. Perhaps most famously, a suburban Philadelphia school district reached in 2010 after educators used computer webcams to surveil students at home without their knowledge.

Earlier this month, 成人抖阴 published an in-depth investigation about how another student surveillance company, Gaggle, subjects children to relentless digital surveillance as it monitors students鈥� online activity 鈥� both in classrooms and at home 鈥� in search of keywords that could indicate problematicor potentially harmful behaviors. Among other concerns, privacy advocates argue that schools鈥� broad collection of student information could .

McAfee says it notified Netop of its initial findings in December 2020 and the company rectified 鈥渕any of the critical vulnerabilities鈥� by February 2021. The security giant alerted Netop to the latest bug in June and the company has worked 鈥渢owards effective mitigations,鈥� according to McAfee, but has not yet announced a permanent fix.

Help fund stories like this.