Categories
Pinboard

Reading: How To (Hypothetically) Hack Your School’s Surveillance System | Gizmodo

Source

Tracking pitched to students – and parents – as Keys to Success. Students aren’t naive: they know admin is tracking them for retention and sales – not security. Tracking via D2L is prevalent, too. They know when you are reading; they know when you are late. On D2L, that creepy prof can see your exchanges with other students – and administrators can see when that creepy prof is checking in and out.

Balan listed off several easily foreseeable scenarios in which relatively untested school-wide surveillance systems put data in the hands of faculty. An evildoer can carry out a man-in-the-middle attack on any network, injecting downloads with malicious code. An impersonation attacker could spoof a Bluetooth identifier. A bad teacher with access to location data could stalk a student; a good teacher with a dumb password could be easily hacked. “Say I’m a teacher, and my password is Whitney123,” Balan postulated. “Arguably, out of ten thousand students, someone is going to try that password.”

If school surveillance looks anything like school security, he says, a “password123” blunder ranks high on the list of probabilities; Balan calls the present state of security tech in public spaces like hospitals and university campuses “a disaster.” “The software and operating systems are outdated, and passwords are leaked,” he said. “Surveillance cameras are on the same network as other computers, and the access to that network would be the word ‘password.’ And by no means was this an isolated case.”

It’s an opportunity for guerrilla theatre. How about hacking a classroom to show all students present all the time. How about sitting down at all entrances to an admin building – blocking them in or out. How about spamming the D2L message system with Wham! lyrics.

Vick countered with an offer to students:

If you are at one of these schools asking you to install apps on your phone to track you, hit me up for some totally hypothetical academic ideas on how one might dismantle such a system.

We’re always up for hacker class, so Vick supplied Gizmodo with a few theories for inquiring minds.