The latest hacking incident has proved that even students are not safe from cyberattacks! Mobile Guardian, a classroom management platform for seamless digital management, was attacked by a threat actor recently. The attack affected users across Singapore. North America and Europe. As many as 13000 devices got completely wiped out and those students simply lost all their data.
What exactly happened to the digital classroom management system?
A threat actor managed to get illegitimate access to Mobile Guardian on 4th August 2024. This breach affected 13000 ChromeOS and iOS devices. The digital management platform claims that the hacker does not have access to any user data. But Singapore government is extremely unhappy with the breach. They are highly concerned about the security of students and other users. Over 26 Singapore-based schools have been affected by this massive cyberattack.
Singapore MOE, or the Ministry of Education, has removed the app from all the devices. Also, they are trying their best to restore all the wiped-away data as soon as possible.
The services have been temporarily suspended by Mobile Guardian. So at present, no users are able to access the digital classroom management platform.
Also, this is not the first time that Mobile Guardian was targeted. Just a couple of months ago, around 90,000 parents and staff were affected as their personal data got hacked. Patrick Lawson, the CEO, has been tight-lipped since the hacking incident. His PR team is trying their best to cover up the situation in the best way possible.
Preliminary investigation shows that the threat actor managed to access Mobile Guardian’s support account. From there, the hacker accessed the user’s details.
What’s the impact on the students?
Those 13000 students who lost their data are traumatized right now. All their projects, homework, assignments, and research papers are gone. Students and their parents are worried about their educational future since the lost data can hamper their examinations and assessment tests. The hacker has even erased all the data backup. Even the file formats are in such a messy condition that a second backup from the cloud service is not possible at present.
An anonymous student, who claims to be a user of Mobile Guardian, has said that they reported a bug in Mobile Guardian back in May 2024. However, the Singapore government claims that the same bug had been fixed before the cyberattack on 4th August. The same student says that it is highly likely that Mobile Guardian may still have more vulnerabilities.
They made a post on the Reddit site and claimed that the bug used to allow any signed-in user “super-admin” access. They believe that this access would allow a hacker to carry out administrative tasks as well as reset the device of every user.
Software supply chain attacks on the rise!
This massive attack on the UK-based virtual classroom management platform is a staggering reminder that software supply chain attacks are witnessing a sudden surge. Threat actors hack into the systems of the service providers with the ultimate goal of affecting the end users. Supply chain attacks are gradually becoming a “new normal.” It is high time to put a full stop to such attacks once and for all before things go way out of our control. Surefire security measures should be taken during the software development phase to make it hack-proof and safe for the users.
Security measures that you can take as an end-user
Following are certain security measures that you must always keep in mind while using SaaS products:
- Two-factor authentication
Always use two-factor authentication or multi-factor authentication, as it adds an extra layer of security and decreases the chance of a hacker accessing your data.
- Unique, out-of-the-world passwords
Always create a password that is too hard to crack. Also, don’t use the same password everywhere. Keep updating your passwords from time to time. Never share your passwords with anyone.
- Security audits
Go for security audits at regular intervals and seek professional help if necessary, as this will keep your data and device secure.
- Software updates
Keep your software up-to-date so that you can reap the benefits of the latest security patches.
- Lookout for suspicious activities
Monitor your software regularly and look for signs of suspicious or unusual activity. If you notice something fishy, change your password immediately and inform the authorities as soon as possible.
The Mobile Guardian attack is a stark reminder that digitization has its downside as well. The edtech industry is highly vulnerable to cyberattacks and requires a robust anti-hacking system and phishing protection at the earliest. Both service providers and end users are required to stay vigilant while using such software. Besides, the government, cybersecurity experts, and service providers must act hand in hand to offer complete digital security to the users.