Researchers have found numerous critical vulnerabilities in popular remote monitoring software. What makes the incident problematic is that it could affect the safety and privacy of students.
McAfee disclosed on Monday that there are several security gaps in Netop Vision Pro.
The software is popularly used by school teachers to control remote lessons. The software was marketed as a way for teachers to retain control in the class.
There are features like viewing the student’s screen, sharing screens, using web filters, sending URLs, chat functions, and the ability to freeze a student’s screen.
The problem the solution created
The vendor says that the addition of technology to the classroom allows students to get new resources but it can bring distractions too. With classroom management software, the vendor says that teachers stay in control of virtual classes.
Vision’s features are touted as a way for teachers to manage and monitor students in real-time.
McAfee’s Advanced Threat Research team says that Netop Vision Pro has vulnerabilities that can be exploited by a hacker to gain access and control student’s computers.
The team set up a virtual classroom using four devices that were in a local network. They realized that the network traffic was not encrypted and the software offered no options to configure this.
Students who then began connecting to the classroom started unknowingly sending screenshots to the teacher. Because there is no encryption, the images were sent in the clear. Anyone could intercept them and view the contents of the students’ screens remotely.
As the lesson begins, the teacher has to send a network prompting students to join. The team showed how they could modify the data and pose as the teacher host, not to mention all the privilege elevation they managed to execute to gain system privileges.