YouTube Video: “serious security risks” in K-12 school apps

Written By Todd Mitchell

Hi I am Todd Mitchell owner of cybersecurity4biz. Today I want to talk about a recent study that discovered “serious security risks” in K-12 school apps.

Many apps used by schools contain features that can lead to the unregulated and out of control sharing of student data to advertising companies and other security issues, according to a report published Monday by the nonprofit Me2B Alliance.

The report follows up on research which audited 73 apps used by 38 schools to find that 60% of them were sending student data to a variety of third parties. Roughly half of them were sending student data to Google, while 14% were sending data to Facebook.

There was a commonly used feature called “WebView,” which allows developers to integrate web pages into apps. Although the feature allows schools to include dynamic details like calendars and results of sporting events in apps without having to update the app itself, it can lead to the siphoning of student data and, in particularly bad cases, students and parents being targeted by scams.

For example, an app used by Maryland’s largest school district accidentally directed users to a compromised site that once was used for the district’s sports teams. The Quinlan, Texas school district had a sports domain integrated into its app that was purchased by an unknown actor for $30 before anyone took action—a security threat that’s sometimes called a “dangling domain.”

Cybercriminals and scammers regularly scan for expired URLs and use them for business email compromise schemes, phishing attacks, and malicious advertising campaigns.

Schools often used private domain registration companies for their non-.gov domain registrations, and then merely forgot to renew the domains. Most didn’t even notice they lost control of the domains until the report came out.

School administrators need to have a solid cybersecurity plan in place and train employees to be aware of the dangers and vulnerabilities they face. HOWEVER this is not just a school thing, every business owner should look at their websites and apps to see if this is happening to you!

Todd Mitchell
Previous

Fredericksburg’s 2022 Local Business Person Of The Year
Next

GET SCHOOLED ON CYBERSECURITY: ONLINE LEARNING SECURITY TIPS FOR STUDENTS #9