The security researchers at McAfee have discovered four critical security holes in Netop Vision Pro, a software for advanced classroom management widely used in Germany.
Software of this type has been used widely by German schools since the beginning of the Covid-19 pandemic to enable home schooling. The security flaws in the Netop software allow hackers to gain full control over the students' computers - and thus smuggle in ransomware, access private data or gain access to other accounts on the computer and local network. A lack of encryption, the fundamentally insecure design and LPE weaknesses in the software mean that the hackers can emulate learning commands and thus completely compromise devices. This would also allow access to the students' webcams.
Control via student PC possible
McAfee Advanced Threat Research Team Results Overview:
- Missing encryption in all network traffic and no encryption option in the configuration. This enables anyone on the local network to listen to the lesson and see what is on the student screens.
- The vulnerability enables ransomware to be infiltrated into all school computers in the network, which could paralyze the entire school infrastructure.
- A stealthy attacker could silently install keylogging software and monitor students' screens, which could lead to social media or financial accounts being compromised.
- Hackers could also gain access to the students' webcams and thus infiltrate not only the digital space, but also the physical environment of the mostly underage students.
The vulnerability in Netop Vision Pro shows a unique and situational attack vector that resulted from the spread of home schooling as part of the Covid-19 pandemic. The potential effects and damage of security gaps like this one are enormous and the research findings now illustrate the need to investigate and protect new technologies more closely in the context of home schooling.
Update already available
With the results of the McAfee research team released, Netop Vision Pro has now made a more secure version of its software available that schools can implement directly.
More on this at McAfee.de
About McAfee
McAfee Corp. (Nasdaq: MCFE) is one of the world's leading cyber security companies, with solutions from the end device to the cloud. Inspired by the strength of close collaboration, McAfee develops solutions to create a safer world for business and private customers.