Singapore removes Mobile Guardian from students’ iPads

Global hacking incident?

Following news that approximately 13,000 students across 26 secondary schools in Singapore had their iPads and Chromebooks devices remotely erased by a hacker, the Ministry of Education in Singapore has decided to remove the Mobile Guardian application from all students’ devices.

The hacking incident was allegedly part of a “global cybersecurity incident” that affected Mobile Guardian’s platform, impacting customers worldwide, including those in Singapore, reports said.

Singapore removes Mobile Guardian app

Mobile Guardian is a device management application that allows parents to control their children’s device usage by restricting certain applications or websites and managing screen time.

The breach did not result in any evidence of user files being accessed, according to Ministry of Educations’ preliminary checks.

Security experts shared their thoughts on this latest incident. 

Good application security practices

Kelvin Lim, Senior Director, Security Engineering, APAC, Synopsys Software Integrity Group, said: “The hacking incident of Mobile Guardian application serves as a reminder to organizations on the importance of good application security practices to detect and remove any security vulnerabilities in the application.”

The executive added that: “This incident has affected thousands of students in Singapore is likely to have a negative effect on Mobile Guardian’s business and reputation. In today’s world where business logics and decisions are processed by applications, software risks are business risks.”

“Upon the removal of Mobile Guardian application on the students’ devices, the students will have more autonomy and flexibility in using their devices for learning. Parents and teachers will need to encourage and instil responsible digital habits and continue to monitor and guide students in using technology wisely,” Lim said.

Strong cybersecurity in digital tools for education

Abhishek Kumar Singh, Head, Security Engineering, Singapore, Check Point Software Technologies commented: “The Mobile Guardian app breach affecting the Ministry of Education (MOE) shows the need for strong cybersecurity to stop unauthorized access. Addressing these issues can improve the security and reliability of digital tools in education.”

Singh is recommending the following steps to enhance the security of the Mobile Guardian app.

  • Supply Chain Security: Check the security of all partners involved in the app’s development and maintenance. Ensure third-party libraries and services are from trusted sources and updated regularly. Conduct regular penetration tests and manage external attack surfaces.
  • Code Audits: Regularly review the app’s code to find and fix vulnerabilities in third-party components.
  • Mobile Threat Defense (MTD) Solutions: Use MTD solutions for threat prevention, real-time monitoring, and response capabilities. For instance, add an MTD software development kit to the app to protect against cyber threats and secure sensitive information about students and staff.

“By implementing these measures, the Mobile Guardian app can better defend against potential cyber threats and protect the data it handles,” Singh said.

A multilayered approach

Darren Guccione, CEO and co-founder, Keeper Security added: “The recent incident with Mobile Guardian underscores the urgent need for educational institutions to implement a comprehensive and multi-layered approach to cybersecurity. This approach must include stringent vendor management practices and robust technological defenses.”

He added that: “The remote wiping of student devices serves as a stark reminder that cybercriminals will exploit any vulnerability in digital platforms, highlighting the importance of strong cybersecurity measures to protect these systems. This is especially crucial for platforms safeguarding the educational experience of young learners. The swift action by the Ministry of Education (MOE) to remove the Mobile Guardian application is a crucial step in containing the damage.”

Evaluating third-party vendors

“Schools and educational institutions must rigorously evaluate their third-party vendors, ensuring that they adhere to the highest standards covering data privacy, security and internal controls across native and cloud applications – such as SOC 2 Type 1 and 2 and; ISO 27001, 27017 and 27018 certifications. Regular audits and requiring vendors to provide proof of their security controls can help mitigate risks,” Guccione said.

“The prompt response by MOE demonstrates the importance of having an effective incident response plan. Institutions should regularly test and update their response strategies to ensure they can quickly and efficiently address evolving cyber incidents. Implementing a zero-trust network architecture within educational environments can limit access to only those resources that are necessary for users, minimizing the blast radius if there is unauthorized access.”

The executive further said continuous education and training for staff, students and parents on cybersecurity best practices are essential.

“This includes recognizing phishing attempts, securing devices and understanding the importance of strong, unique passwords. Schools need to develop and enforce comprehensive security policies that cover all aspects of digital usage, from device management to data protection,” the executive said.

READ MORE TECH NEWS.