Cyberattack Knocks Mobile Guardian MDM Offline, Wipes Thousands of Student Devices (techcrunch.com) 17
Zack Whittaker reports via TechCrunch: A cyberattack on Mobile Guardian, a U.K.-based provider of educational device management software, has sparked outages at schools across the world and has left thousands of students unable to access their files. Mobile Guardian acknowledged the cyberattack in a statement on its website, saying it identified "unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform." The company said the cyberattack "affected users globally," including in North America, Europe and Singapore, and that the incident resulted in an unspecified portion of its userbase having their devices unenrolled from the platform and "wiped remotely." "Users are not currently able to log in to the Mobile Guardian Platform and students will experience restricted access on their devices," the company said.
Mobile device management (MDM) software allows businesses and schools to remotely monitor and manage entire fleets of devices used by employees or students. Singapore's Ministry of Education, touted as a significant customer of Mobile Guardian on the company's website since 2020, said in a statement overnight that thousands of its students had devices remotely wiped during the cyberattack. "Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator," the Singaporean education ministry said in a statement. The ministry said it was removing the Mobile Guardian software from its fleet of student devices, including affected iPads and Chromebooks.
Mobile device management (MDM) software allows businesses and schools to remotely monitor and manage entire fleets of devices used by employees or students. Singapore's Ministry of Education, touted as a significant customer of Mobile Guardian on the company's website since 2020, said in a statement overnight that thousands of its students had devices remotely wiped during the cyberattack. "Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator," the Singaporean education ministry said in a statement. The ministry said it was removing the Mobile Guardian software from its fleet of student devices, including affected iPads and Chromebooks.
Dog ate my homework... (Score:3)
Well, at least this is a better excuse for not having work turned in than "the dog ate my homework". Lots of work for the teachers though, having to recalculate grades.
well if the schools system is down then it's not t (Score:2)
well if the schools system is down then it's not the students fault
Re: (Score:2)
By the reports, the computers were removed from the system and automatically wiped.
So unless the student's work was stored in a cloud that is intact (not guaranteed), it's gone.
Re: (Score:3)
Working in schools and using Chromebooks/iPads/InTune:
If you remove a device from a managed network, the device wipes itself back to factory.
But if you had sync on, the data is still on the cloud storage that you originally had, it's just that the device isn't "managed" any more and so can't access it. They can just log in on the web or other school computers and it'll all be there, if they have even vaguely modern systems and half a brain.
I can remove all the Chromebooks from this school I'm sitting it ri
Re: (Score:2)
Note how I didn't just say 'stored in a cloud', I specified an intact cloud. Given a large intrusion, it is possible that the files on the cloud were also encrypted or wiped.
So 1. They had to have the work synced, and 2. The cloud storage still needs to be intact.
There is likely at least some data loss.
In short, slashdot does know the difference.
Re: (Score:2)
Cloud storage on any large provider, even if compromised, would be restorable in time (maybe not instantly).
There is no suggestion that cloud storage is affected - only the MDM.
It's a hassle, but it's not data loss.
P.S. most schools I've worked in are backing up their cloud storage - it's a standard offering of any backup service now.
Re: (Score:2)
It's a hassle, but it's not data loss.
You still lose the data between the last backup or cloud sync.
It might not be much data, but it's still data.
Re: (Score:2)
It's pathetic amounts of data and only those people who were immediately wrote something and then put there machines into suspend or lost battery power.
It's on the kind of schedules that you would get between typing in a Google Doc live online and it saying "Saved" in the top-left corner, and that's precisely how much data you'd lose.
Guess what kind of service people most often use to word-process on a Chromebook?
It's not not even worth bothering with. Just make sure you have sync enabled, make sure your u
Cool product! (Score:2, Flamebait)
And it teaches students to not trust computers. I call that a big win.
Re: (Score:2)
Students aren't the ones who are going to be upset, they'll be celebrating an excuse for not doing their work. This isn't sending the message you think it is.
Backdoor by design (Score:4, Interesting)
Once you commit to an MDM solution, you have a single point of failure to take out many, many, many devices.
It doesn't even need to be an external hack. It could be simple incompetence, as witnessed in the Crowdstrike incident. It could be a disgruntled employee taking it out on their employer.
If you have a remotely managed device that is live on the network at all times, and you aren't regularly backing up the contents to storage you control, you're accepting the idea that the contents of the device can go *poof* at any moment, whether you realize that or not.
Re: (Score:3)
If you've done it right, there's no critical data on any of those devices. At least from the admin's perspective, the end user may have other ideas but that's their job to handle, and your job to remind them that data stored on those devices isn't p
Re: (Score:3)
Those devices are designed to be disposable. You should be able to handle them crapping the bed relatively easily.
Broadly speaking, organizations are able to handle a few crapping the bed relatively easily. However, you won't be able to handle them *all* crapping the bed at the same time.
The issue with a lot of these management/security solutions is that they just aren't very good quality. You frequently end up with multiple points of failure that are all sufficient to ruin your day (e.g. right now my company's standard load could be killed either by the OS vendor, three distinct "security" suites from three different
till some runs up an big mobile roaming bill due t (Score:2)
till some runs up an big mobile roaming bill due to not being allowed to have offline files
Re: (Score:2)
If you have a remotely managed device that is live on the network at all times, and you aren't regularly backing up the contents to storage you control, you're accepting the idea that the contents of the device can go *poof* at any moment, whether you realize that or not.
Exactly this. If you store anything on the cloud, or use cloud backups, you must accept that it can go away in an instant. This kids might have had their work wiped, and it's just as easy to kill the cloud storage. by preventing access to it. Also, if the system is designed to wipe a computer if somedumass screws up, better hope the cloud doesn't update the storage with the new fresh nothing.
here comes another shrug (Score:2)
what happens when the software you purchased does the thing you purchased the software to prevent? not a lot. we will get an apology from the vendor, and maybe a fancy new name. but that’s about it.
i hope these events get lawyers to negotiate better contracts with real teeth when something goes horribly wrong.
Does Google help out under these circumstances? (Score:2)
I assume internally Google's Chromebook device syncs have a certain level of versioning. Reverting to last good state of the account would go a long way here.