The laptops given out in England to support vulnerable children home-schooling during lockdown contain malware, as covered by the BBC.
The laptops given out in England to support vulnerable children home-schooling during lockdown contain malware, as covered by the BBC.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
7 Responses
<p>This is not the first time schools have had to switch to remote working so the discovery of malware found on laptops handed out by the government is frustrating. Homeschooling is now the de-facto standard for all, yet this school was relying on software that is 9 years out of date. This is a lifetime in the security world when you think about everything that has happened since 2012 – Heartbleed, Wannacry, NotPetya, and the recent SolarWinds breach. The UK aspires to be the safest place to live and work online. The function of schools is to prepare young people for being responsible adults and members of society. Teaching children to use out of date unpatched software riddled with malware is setting poor norms. These laptops are the turkey twizlers of the information world, unhealthy and setting up the next generation for poor cyber health.</p>
<p>The fact that these devices were not checked and scrubbed before being sent to vulnerable children is a concern. The Gamarue worm is not a new malware strain, it was first discovered in 2011 and is just one example of hundreds of such threats that may reside on old, unchecked devices. </p> <p> </p> <p>Gamarue is able to spread across a user’s local network and is also capable of installing additional strains of malware. If such an old worm was discovered on these machines it may not be the only nasty surprise. It’s certainly possible that newer and more severe malware strains are present on devices too. </p> <p> </p> <p>Any families in receipt of a laptop should ensure that antivirus software is installed. As an added precaution, people should also avoid using these devices for anything other than learning. For instance, they shouldn’t be used for accessing email and online bank accounts. If an infection is detected, then the laptop should be powered down immediately and returned to the local authority for inspection.</p>
<p style=\"font-weight: 400;\">It is particularly worrying that some laptops being prepared to hand out to students contain a virus, as one would have thought a proper scan would have highlighted this concern at an earlier stage. However, it is not uncommon to have remnants of computer viruses on second hand machines – which therefore further emphasizes the importance of a thorough scan for malicious software before the initial use.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Any good anti malware product would have detected this worm, highlighting how vital it is to have good internet security on all laptops. Gamarue.1 is an old virus from quite a few years ago, but it still has the potential to be dangerous by disabling some functions or hijacking certain permissions to harvest personal information on the device, including passwords. If left untouched, it could also copy itself onto USBs or other connected devices.</p>
<p>During the start of an academic year and preparing for lock-downs with the pandemic, students and professors alike are often caught in the chaos. Distractions are plentiful as people reconnect from over the break, and individuals navigate new ways of learning and schedules. Information floods in, typically by email and collaboration tooling. Unfortunately, recipients are often ill-prepared to determine if devices are configured with security in mind. New and young students using online learning for the first time are most vulnerable. Seeing that cybercriminals have consistently targeted academic institutions through various threat vectors including phishing campaigns, it would be wise for these education institutions to offer support and training. The training really should be provided prior to providing devices and online system access. It is only through security awareness training that students and staff can make better informed decisions. Partnering with IAM trusted providers to implement two-factor authentication reduces associated risks of unauthorized access to education devices and systems.</p>
<p>In this instance, it may be a case of trying to quickly get laptops into the hands of children so that they could continue their schooling, and perhaps some corners were cut. All computers, no matter the make, model, or operating system should run some type of antivirus or anti-malware protection. All laptops or other devices that are provided for home-schooling should be sourced from a single, virus-free image to ensure the devices are as virus-free as possible. (Although that may not be possible in today\’s always-online world.)</p>
<p>There are many local and national schemes which have been implemented to try and provide devices for school children in an attempt to keep as many as possible engaged in some form of education during school closures and lockdown measures. Whilst it is unclear where these particular laptops were sourced, it is absolutely vital that anyone seeking to source devices, whether they are bought using sponsorship or donated directly, be fully aware of the risk that they may contain dormant or active malicious software and research appropriate methods to make them safe before they are distributed to homes and families. The potential for malicious software to be used against recipients is not limited to the children for which the devices are intended, as access to the internet will no doubt be useful for other family and friends outside of school hours. I would highly recommend that anyone distributing devices include some information about online safety. The National Cyber Security Centre offer free advice on secure home working and the use of online conferencing services such as Zoom and Teams. </p> <p> </p> <p>If anyone is in doubt about the safety and security of devices provided for educational purposes they should contact the Department for Education IT team for advice before distribution.</p>
<p style=\"font-weight: 400;\">Quick action must be taken to ensure that these devices aren\’t used by vulnerable children or their families. Just one use of an infected device could be enough to steal a user\’s credentials, academic work, photos or payment information. It’s clear these machines have not been wiped or updated properly and this raises concern around what else might be present on them, as well as how long these vulnerable children will now be left without devices if they’ve been compromised and need to be cleaned up.</p> <p> </p> <p style=\"font-weight: 400;\">This story is part of a wider challenge facing schools at the moment. They have had to roll out remote learning programs in super quick time, in many cases with limited IT resources and skills. As we have seen with businesses, connecting numerous remote devices to an organisation\’s network can be troublesome even with vast resources on hand.</p> <p> </p> <p style=\"font-weight: 400;\">Schools should work with authorities to identify how many of the 800,000 devices that have been given out contain the malware. Then they must also assess if it\’s just pupils\’ devices that have been compromised or teachers too, as this would cause further problems. We must remember that these efforts are necessary if we are to best protect our children and the unprecedented amount of sensitive information that they are currently uploading to school networks which are often fragile.</p>