Students vulnerable for months due to vulnerability in Proctorio

Tens of thousands of students were vulnerable to hackers for months because of a vulnerability in the surveillance software Proctorio. A so-called Universal Cross-Site Scripting (UXSS) attack allowed attackers to look over students' shoulders unnoticed and steal confidential data such as passwords for online accounts. The vulnerability came to light in June and was patched soon after.

Due to the corona pandemic, students have not received normal education for almost two years. Taking exams in a large, packed lecture hall is out of the question. To ensure that students do not incur study delays or additional expenses, most universities and colleges offer the option of digital exams. Everyone can then take an exam from home or a student room.

To ensure that students do not cheat, educational institutions use proctoring software. With this software, invigilators keep a close eye on students, both during and after the exam. These programs have far-reaching capabilities. They can access your webcam and microphone, see what's on your screen, record keystrokes, and track which websites you've visited. Proctoring software can also measure eye movements and take photos and short videos.

According to many students, this is a far-reaching invasion of their privacy. The Central Student Council (CSR) of the University of Amsterdam (UvA) even brought summary proceedings before the court but drew the short straw. The judge called the use of proctoring software to combat exam fraud a 'legitimate interest'. The CSR was also unsuccessful on appeal.

The Dutch Data Protection Authority is still investigating the privacy violation of proctoring software.

In the past year, many educational institutions in our country required students to install this proctoring software on their computers. That is, if they wanted to participate in the digital exam. The most popular package is Proctorio. The University of Amsterdam, VU University Amsterdam, Erasmus University Rotterdam, Tilburg University, Amsterdam University of Applied Sciences and Utrecht University of Applied Sciences, among others, use this software.

At the request of a media outlet, Daan Keupers and Thijs Alkemade of Computest investigated Proctorio. The security specialists discovered a vulnerability in the software. A so-called Universal Cross-Site Scripting (UXSS) attack made it possible for hackers and cybercriminals to take over
