A Popular Remote Lesson Monitoring Program Might be Exploited by Attackers
The four vulnerabilities found were putting in danger the PCs while using the software and exposing students to possible attacks.
Netop is a software specialized in providing visibility over student activities, that lets teachers see what their students see, in this way the teachers can also share their screen, lock student screens and keyboards and block websites with the click of a button.
The software designed and advertised for helping teachers keep control of lessons has several features like, viewing student screens and sharing the teachers’, implementing web filters, pushing URLs, chat functions, and freezing student screens.
Adding technology to the classroom allows you to give your students a multitude of new resources, but it can also add more distractions.
Classroom management software helps you scaffold your students’ learning while still keeping them on track. In the classroom or during remote learning, Vision’s simple features allow you to manage and monitor your students in real-time.
What happened?
On Monday researchers at McAfee have disclosed the existence of multiple security holes in Netop Vision Pro. It looks like the software contains vulnerabilities that “could be exploited by a hacker to gain full control over students’ computers.”
What vulnerabilities were discovered?
All the network traffic was unencrypted and there was no option to enable encryption during configuration. Aside from this pressing issue, the software was sending screenshots to the teacher, without the students’ knowledge, leaving the images sent vulnerable for anyone to eavesdrop on them.
Since there is no encryption, these images were sent in the clear.
Anyone on the local network could eavesdrop on these images and view the contents of the students’ screens remotely.
Another dangerous action performed by the software is related to the way in which teachers are starting their sessions. They send a network packet prompting students to join, leaving room for an attacker to masquerade as the teacher host and perform a local elevation of privilege (LPE) attack in order to ultimately gain system privileges.
The chat function contained in the software is saving the files sent by a teacher into a ‘work’ directory while running as a system making it possible for an attacker to overwrite existing files and send malicious content to students, like malware that could compromise their PCs.
Netop Vision Pro student profiles also broadcast their presence on the network every few seconds, allowing an attacker to scale their attacks to an entire school system.
Because it is always running, even when not in use, this software assumes every network the device connects to could have a teacher on it and begins broadcasting.
The security issues and CVEs were discussed confidentially with the vendor in December 2020, making the latest software release, 9.7.2 to address some of the issues, such as LPE bugs and the encryption of credentials, whilst adding mitigations to chat-based read/write issues, as well.
Heimdal® Threat Prevention - Network
- No need to deploy it on your endpoints;
- Protects any entry point into the organization, including BYODs;
- Stops even hidden threats using AI and your network traffic log;
- Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
This news comes just days after the FBI warned of increasing rates of attack against US and UK schools and universities, with law enforcement agencies seeing a spike in attack attempts leveraging PYSA ransomware.