LA schoolchildren found having too much fun on their hacked iPads

library
crime | hacking | security

The US school system of Los Angeles, in the state of California, spent $1 billion this year to equip every student with an iPad.

Half of the funds were dedicated to purchasing the tablets, while the other half went to power the WiFi infrastructure that ideally should have fed the students a steady, nourishing diet of bore-your-brains-out curriculum material.

Unfortunately, a virulent plague of fun broke out within the first week of iPad possession after students quickly learned how to kick over the so-called firewall keeping them away from truly interesting things such as Twitter and Facebook.

300 high school ‘hackers’

According to the Los Angeles Times, nearly 300 students at Theodore Roosevelt High School managed to “hack” through security (if you can use that word with a straight face, given how simple it was) so as to surf the Web on their new school-issued iPads.

The LA Times reported on Wednesday that it had gotten a peek at a confidential memo sent by top school brass to senior staff.

In that memo, LA Unified School District Police Chief Steven Zipperman suggested that the district might want to delay distribution of the devices.

It had come to light the day before that students were suffering an outbreak of non-schoolwork-related glee caused by sending tweets, socializing on Facebook, watching videos on YouTube and streaming music through Pandora.

Zipperman wrote:

I’m guessing this is just a sample of what will likely occur on other campuses once this hits Twitter, YouTube or other social media sites explaining to our students how to breach or compromise the security of these devices. … I want to prevent a ‘runaway train’ scenario when we may have the ability to put a hold on the roll-out.

The LA Times reports that the problem of iPad-related fun was also an issue at Westchester High and the Valley Academy of Arts and Sciences in Granada Hills.

When the newspaper asked students to explain what sophisticated hacking technique was used to break the security on the iPads, Roosevelt students explained that the trick was to delete their personal profile information.

Students had begun to tinker with the security lock on the tablets because “they took them home and they can’t do anything with them,” Roosevelt senior Alfredo Garcia told the newspaper.

With their profiles deleted, the students were then free to surf at will.

I’m making fun of the incident only because it boggles my mind.

This school district is on track to spend a total of $1 billion on a technology rollout of expensive gadgets that were secured with a user profile that could be deleted.

Seriously? That was the extent of the security put on these devices?

Was this quote-unquote security vetted by anybody, at any point in the process?

Mind: boggled.

It’s funny, but this incident actually represents a serious problem.

As two senior administrators said in a memo to LA schools Superintendent John Deasy that the LA Times reviewed, the lack of strong security meant that outside of the district’s network, children were free to download content and applications and browse without restriction.

The memo read:

As student safety is of paramount concern, breach of the … system must not occur.

Endangering the school network is one potential danger of unrestricted surfing. The internet can be a slimy place even for grownups, what with the nastyware you can pick up at dodgy sites.

For children, unsupervised, unfettered surfing is dangerous on a deeper, far more disturbing level still.

Those dangers include sextortion, often targeting children, as well as cyberbullying.

From trolls making death threats against children on Facebook to creeps who hack into cell phones to steal and distribute explicit images of children, the internet can be a swamp.

LA has reportedly stopped distributing iPads.

I would sincerely hope that before it starts handing them out again, it finds a way to secure the devices a bit more thoroughly and makes sure it properly configures its firewall.