Cyber security researchers have found critical vulnerabilities in a popular student monitoring software being used in the remote learning times, which could be used by hackers to gain full access over students computers, compromising their security and privacy.
The McAfee Labs Advanced Threat Research team recently investigated a software called Netop Vision Pro produced by Netop and installed on computers used in several schools.
They discovered four previously unreported critical issues.
“These findings allow for elevation of privileges and ultimately remote code execution, which could be used by a malicious attacker, within the same network, to gain full control over students’ computers,” McAfee researchers said in a statement on Sunday.
They reported the issues with Netop, and the company delivered an updated version in February, effectively patching many of the critical vulnerabilities.
Netop Vision Pro allows teachers to perform tasks remotely on the students’ computers, such as locking their computers, blocking web access, remotely controlling their desktops, running applications, and sharing documents.
Netop Vision Pro is mainly used to manage a classroom or a computer lab in a K-12 environment and is not primarily targeted for eLearning or personal devices.
In other words, the Netop Vision Pro software should never be accessible from the internet in the standard configuration.
“However, as a result of these abnormal times, computers are being loaned to students to continue distance learning, resulting in schooling software being connected to a wide array of networks increasing the attack surface,” the researchers noted.
Netop provides all software as a free trial on its website, which makes it easy for anyone to download and analyse it.
“The network traffic is still unencrypted, including the screenshots of the student computers but Netop has assured us it is working on implementing encryption on all network traffic for a future update,” McAfee researchers said.