A student monitoring company that thousands of schools used during remote and hybrid learning to ensure students were on task may have inadvertently exposed millions of kids to hackers online, according to a report released Monday by the security software company McAfee.
The research, conducted by the McAfee Enterprise Advanced Threat Research team, discovered the bug in the Netop Vision Pro Education software, which is used by some 3 million teachers and students across 9,000 school systems globally, including in the U.S. The software allows teachers to monitor and control how students use school-issued computers in real time, block websites and freeze their computer screens if they’re found to be off task.
This is the second time in less than a year that McAfee researchers have found vulnerabilities in Netop’s education software — glitches that hackers could exploit to gain control over students’ computers, including their webcams and microphones. It’s unclear whether the software had been breached by anyone other than the researchers.
“This speaks to the power of responsible disclosure and ‘beating the bad guys to the punch’ in terms of providing vendors insights to the flaws in their products and an appropriate time period to produce fixes,” Doug McKee, McAfee’s principal engineer and senior security researcher, and Steve Povolny, the company’s head of advanced threat research, said in an emailed statement.
“We do believe this bug is highly likely to be exploitable, and a determined attacker may be able to leverage the attack” to breach the system.
Netop, which bills its products as a way to “keep students on task, no matter where class is held,” did not immediately respond to requests for comment.
While the research comes as many U.S. students return to classrooms for in-person learning, cyberattacks targeting K-12 school districts — already an issue before the pandemic — have worsened throughout it. In the last month, educational organizations were the target of more than 5.5 million malware attacks, according to Microsoft Security Intelligence. In fact, educational…