Distance and hybrid learning environments are now essential, but that may change. To adapt, many schools have implemented new software to support remote classroom operations.
One of them is Netop Vision Pro , a monitoring system that helps teachers manage online learning smoothly. The software allows teachers to perform tasks on student computers, such as locking student devices, blocking access to the web, remotely controlling desktops, running applications, and sharing documents. However, the McAfee Advanced Threat Research (ATR) team recently discovered a vulnerability in Netop Vision Pro that could allow hackers to take full control of student computers.
Learn more about these vulnerabilities and discover how you can protect your students in the virtual classroom.
How McAfee Identified the Vulnerability in Netop Vision Pro
Just like a school chemistry project, our researchers created a simulation to test a hypothesis about a potential software bug. The McAfee ATR team set up Netop software to mimic a virtual classroom with four devices connected to a local network. Three devices were students and one was a teacher. During the setup, the team noticed that there were different levels of permissions between the student and teacher profiles. They decided to see what would happen if they targeted the student profile, as this could be a way for a hacker to cause more damage. With this experimental setup, let’s put ourselves in the shoes of a cybercriminal.
While observing the virtual classroom, the ATR team discovered that all network communications (including sensitive information like Windows credentials) were not encrypted and there was no option to enable encryption during setup. The team also noticed that students connecting to the virtual classroom were unknowingly sending screenshots to their teachers.
They also realized that teachers could send network packets (small segments containing internet data) to students, encouraging them to connect to their virtual classrooms. With this information, the team was able to modify the code to impersonate the teacher. From there, they began to explore how hackers might use the compromised connection.
The McAfee ATR team turned their attention to Netop Vision Pro’s chat feature, which allows teachers to send messages and files to student computers, as well as delete files. Any files sent by the teacher are stored in a “working directory,” which students can open from their instant messaging (IM) window. As the team discovered, if a hacker can impersonate a teacher, they could use this feature to overwrite existing files or even trick students into clicking on a malicious file.
Netop Vision Pro vulnerability poses risks
Of course, remote learning software is now essential to keep kids up with their studies. But it’s important to be savvy and protect student privacy when using these platforms. While student screen sharing with Netop Vision Pro seems like a viable option to ensure students are fully engaged in the virtual classroom, it could allow hackers to spy on content on student devices. While it allows teachers to monitor students in real time, it also puts student privacy at risk.
If a hacker uses the modified code to impersonate a teacher, they could send malicious files containing malware or phishing links to student computers. Netop Vision Pro student profiles also show the student’s network login status, updated every few seconds, allowing attackers to gauge the impact of an attack on the entire school.
Moreover, vulnerable software can give a hacker complete control over all target systems, allowing them to attack not only the virtual world but also the physical environment: a hacker could enable the webcam and microphone on a target system, allowing them to physically observe your child and their surroundings.
McAfee Response to Identified Vulnerabilities
Our researchers reported all the vulnerabilities they found to Netop and received a prompt response from Netop. In their latest software release (version 9.7.2), Netop has addressed many of the issues found by the McAfee ATR team. Students can no longer overwrite system files, which reduces the possibility of taking control of a student’s computer. In addition, Windows credentials are now encrypted when sent over the network. Netop also told us that they plan to implement full network encryption in a future update, which will prevent attackers from easily spying on student screens or impersonating teachers.
While Netop is working internally to resolve these issues, there are a few things parents can do to help protect their children in the virtual classroom. Check out the tips below to help your family feel safe using third-party education platforms.
1. Use dedicated devices for remote learning software
If your child needs to use Netop Vision Pro or other third-party software for distance learning, make sure they only use these technologies on devices used for education purposes. If the software contains a bug, it could put other important accounts used for online banking, email, remote work, etc. at risk. Separate devices help avoid this risk.
2. Use comprehensive security software
Remember, Netop Vision Pro was not designed to be connected to the Internet or used off-network at school. Think of the following scenario from a hacker’s perspective: they will use these vulnerabilities to deliver malicious payloads (a type of damaging cyberattack) or phishing attacks. To protect your children from these threats, it’s important to have a comprehensive security solution like McAfee® Total Protection . It protects the whole family from the latest threats and malware, and provides safe web browsing.
3. Maintain open communication with your child’s school
Educators want the best interests and safety of their students first. If you have concerns about the software you are using for distance learning, talk to your child’s teacher or principal. If your child needs to use Netop, make sure they are aware of the vulnerabilities mentioned above so the school can manage any necessary software updates and keep your child and their classmates safe.
4. Use a webcam cover
A simple and effective way to prevent hackers from snooping is to use a webcam cover when class is not in session, so encourage your kids to keep the camera covered when it’s not in use.
Stay up to date
To stay up to date on the latest news about McAfee and mobile security threats, follow us on Twitter @McAfee , subscribe to our email list , listen to our Hackable? podcast , or like us on Facebook .