A globally-used software to guard against people’s overuse of mobile devices has been found with its guard down
Following a significant hacking incident involving a nationally-endorsed software used to control Singapore students’ mobile device usage patterns, the country’s Ministry of Education has announced its decision to eradicate use of the application.
Around 13,000 secondary school students’ iPads or Chromebooks had apparently been wiped clean of certain data remotely, by a hacker — as part of a “global cybersecurity incident” that had affected the Mobile Guardian platform’s users around the world.
The app allows parents to control their children’s device usage by restricting certain applications or websites, and managing their kids’ screen time. According to MOE’s preliminary checks, there has been no evidence of user files being accessed.
Some cybersecurity professionals have weighed in on this reactionary move. Check Point Software Technologies’ Abhishek Kumar Singh, Head, Security Engineering (Singapore) noted that the developers of globally used software should enhance supply chain security, step up their code audits, and use Mobile Threat Defense solutions “to protect against cyber threats and secure sensitive information about students and staff. By implementing these measures, the Mobile Guardian app can better defend against potential cyber threats and protect the data it handles.”
Synopsys Software Integrity Group’s Senior Director of Security Engineering (APAC) Kelvin Lim commented: “In today’s world where business logics and decisions are processed by applications, software risks are business risks. Upon the removal of application from the students’ devices… parents and teachers will need to encourage and instil responsible digital habits and continue to monitor and guide students in using technology wisely.”
Keeper Security’s CEO and co-founder Darren Guccione reminded schools and educational institutions that they “must rigorously evaluate their third-party vendors, ensuring that they adhere to the highest standards covering data privacy, security and internal controls across native and cloud applications, such as SOC 2 Type 1 and 2 and ISO 27001, 27017 and 27018 certifications,” and also perform vendor cybersecurity audits. “Institutions should regularly test and update their response strategies to ensure they can quickly and efficiently address evolving cyber incidents. Implementing a zero-trust network architecture within educational environments can limit access to only those resources that are necessary for users, minimizing the blast radius if there is unauthorized access.”