The Guardian is reporting warnings that one of the most widely used tools for monitoring and restricting pupils’ internet use in UK schools has a serious security flaw which could leave children’s personal information exposed to hackers…
Impero Education Pro, a product that restricts and monitors’ students’ website use and searches, is used in 27% of UK secondary schools, according to the company. In a controversial pilot programme, a version of the software looks for extremism-related searches such as “jihadi bride”.
But last month the security researcher Zammis Clark posted extensive details of a flaw in the company’s encryption protocols which could allow almost anyone to gain full access to computers running the Impero software, run software such as spyware on the systems, or access files and records stored on them.
The company said it had released a temporary security patch and was working on a permanent upgrade.
Clark said the flaw he found would leave affected schools’ networks “completely pwned”, online slang meaning in this context that the networks’ security would be fully compromised and information on it would be rendered vulnerable.
He said he had posted it publicly, rather than privately disclosing it to the company, for several reasons. “One was that I was against the ‘anti-extremism’ stuff, the other was because not being a customer, I didn’t know where to send it.”
Schools using Impero’s software said the company had notified them of the security flaw in the middle of last month but they were offered few details of its potential scale.
One school IT manager said the response from Impero was vague and required managers to contact the firm for more information. “Impero are crap at communication,” he said…
Is your school affected by this and, if so, have you been happy with the response from Impero?
Is this something that – with the story going public in the mainstream media – will need to be communicated to parents?
Don’t forget you can sign up to receive our daily email bulletin every morning (around 7 am) with all the latest schools news stories. Your details will never be given to anyone else and you can unsubscribe at any stage. Just follow this link