MDM software for schools is breached for second time this year—13,000 devices wiped in Singapore⁠ ⁠alone.

Hackers Ate My Homework

What’s the craic? Bill Toulas reports: Hacker wipes 13,000 devices after breaching classroom management platform

“13,000 students”
A hacker has breached … a digital classroom management platform used worldwide. … Mobile Guardian, a ‘Google for Education’ partner, is a cross-platform (Android, Windows, iOS, ChromeOS, macOS) one-on-one solution.
…
The platform announced it suffered a security breach: … A hacker gained unauthorized access to its platform, impacting its North American, European, and Singaporean instances. [It] says the incident only impacted a “small percentage of devices,” [but] Singapore’s Ministry of Education says that the threat actor used the platform to wipe the iPads and Chromebooks of 13,000 students in the country.

That’s gotta hurt. Alexander Martin adds: Hackers remotely wipe 13,000 students’ iPads and Chromebooks

“Strong concerns”
It is not yet known whether other schools and enterprise customers have been similarly affected by the security incident, nor what effect the wiping will have on education. … Singapore’s Ministry of Education (MoE) … stated it had “immediately registered strong concerns” with Mobile Guardian, and as a precaution would be removing the company’s software from students’ devices.

Horse’s mouth? Patrick Lawson’s PR team swung into action: Mobile Guardian services are currently halted due to a security incident

“Our deepest apologies”
A limited number of iOS devices were unenrolled … and in some cases devices wiped remotely. … The perpetrator attempted to unenrol ChromeOS devices, however, they were not able to. … There is no evidence to suggest that the perpetrator had access to users’ data.
…
We are not taking this matter lightly. … We want to express our deepest apologies for any inconvenience this will have caused.

Feeling some déjà vu? This was Gabrielle Chan just three months ago: Data breach affecting 89,000 parents, school employees

“Tried to extort money”
Preliminary investigations by Mobile Guardian … show that an unauthorised individual had gained access to a support account on its management portal, using it to view information of customers based in the United States and Asia-Pacific regions. … This affected about 67,000 parents and 22,000 school employees across 127 schools in Singapore [alone]. The individual … tried to extort money in exchange for keeping quiet.

How big of a deal is this? Pretty big, thinks fuzzyfuzzyfungus:

Singapore is one of the locations where they have an end-of-high-school Big Serious Exam, … where doing poorly is a pretty good way to not get into a selective college. … I suspect that they’ve got students watching their entire futures flash before their eyes, … freaking out and catastrophizing.

Hyperbole much? Get off my lawn, thinks sitta_europea:

There was a time when you could show your understanding of a subject by making marks on a bit of paper with a pencil. Doing things this way had, as far as I can remember, absolutely no privacy or crime issues although it was, relatively speaking, hard work.
…
Curiously enough, when I was doing the said hard work (on my way to a first class … degree), people used to tell me that hard work was a Good Thing. … I agreed with them. And I kinda still believe that, but then I’ve worked hard all my life.

Okay, boomer. Firethorn’s vibe is lit: [You’re fired—Ed.]

Well, at least this is a better excuse for not having work turned in than “the dog ate my homework”. Lots of work for the teachers though.

But don’t they have backups? No, according to dwl-sdca:

One who was affected explained to me that their tablet was wiped and the company’s backup … was also wiped. The student had files automatically backed up but the backups were also trashed. The files were in a format that wouldn’t allow a second backup to another cloud service (or so the student was led to believe).

What a mess. Junta has seen it all before:

The issue with a lot of these management/security solutions is that they just aren’t very good quality. You frequently end up with multiple points of failure that are all sufficient to ruin your day.
…
Right now, my company’s standard load could be killed either by the OS vendor, three distinct “security” suites from three different vendors, another “management” software, the hardware vendor, the IT team themselves, and the end users). A lot of corporations give a lot of vendors admin access to their devices in the name of better management/security—and at some point take on way more risk than they ever were going to mitigate with an incremental add of another security vendor.

Meanwhile, Frodo Douchebaggins laughs at the MDM platform’s branding:

The perfect guardian: Protecting your data by making your devices unusable.

And Finally:

Can I get an Amen?

CW: Adult theme at 0’54.

Previously in And Finally

You have been reading SB  Blogwatch by Richi  Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to  @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.