Schools in Singapore are removing the Mobile Guardian device management app from use in schools after the app suffered a massive data breach.
Mobile Guardian is an app that lets administrators manage screen usage and what websites devices can connect to, making it an important tool for controlling students’ online activity during class.
The breach resulted in 13,000 students from 26 different schools having their data wiped remotely by hackers. The affected devices included Apple iPads and Chromebooks the school provides students during class.
After being informed of the potential breach, Mobile Guardian launched an internal investigation. It quickly discovered that its systems were hacked by threat actors. Its global clientele was affected by the attack, not just schools.
Singapore’s Ministry of Education (MOE) was informed of the problem on Sunday and promptly called for the removal of the app from schools, as well as other precautions.
“Efforts are underway to safely restore these devices to normal usage. MOE is considering other mitigating measures to regulate device usage to support learning during this period,” they explain in a recent statement. “We understand that students are naturally concerned and anxious about the incident. MOE is working with schools to support affected students, including deploying additional IT roving teams to schools and providing additional learning resources.”
There is reason to believe that the breach was caused by Mobile Guardian’s failure to provide adequate security levels to their app.
“This is a question of supply chain security and vendor management. Apparently, GovTech or MOE underestimated the risk of the system and did not ensure that the controls that were put in place by Mobile Guardian were appropriate,” explains Kevin Reed chief information security officer of Acronis.
Fortunately, there is no evidence to suggest the threat actor gained administrative control over files, meaning it’s unlikely that they obtained sensitive user data or infected Singapore schools with malware.