Teenager finds educational software exposed millions of student records
Teenager Bill Demirkapi had been ghosted. Hard. "It didn’t feel good," he explained to the large crowd gathered to hear him speak. "It hurt my feelings.”
But Demirkapi, despite his status as a recent high-school graduate, wasn't lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard.
Demirkapi had reported numerous vulnerabilities in Blackboard's software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard's system, was undeterred.
In fact, he was just getting started. And Blackboard wasn't his only target.
Having walked the walk, he now talks the talk.Credit: jack morse / mashableOver the course of his high school career, Demirkapi — a budding security researcher — also investigated K-through-12 software maker Follett. In doing so, he determined the company left millions of student and teacher records exposed to anyone who bothered to look.
Specifically, he explained, there were more than 5 million student and teacher records in the system that covered over 5,000 schools. Left exposed were students' immunization history, attendance data, school photos, birthdays, and more.
"It was my data too in there," he told the audience of decidedly not teenage hackers. "This was pretty crazy stuff."
He tried to do the right thing and notified both his high school and the software manufacturers of his discoveries. Using a flaw in the system to alert students and teachers to its vulnerabilities, however, earned him a two-day suspension.
"Two days off of school," he said of the punishment. "I think it’s a pretty big win-win."
SEE ALSO:Remotely hacking elevator phones shouldn't be this easyEventually, Follett and Blackboard did listen — and many of the vulnerabilities he reported were patched at the end of July.
"Blackboard is always working hard to improve both the security of our products as well as the process and procedures we leverage in support of security," read a statement the company provided Demirkapi and he shared with DEF CON.
Asked by a member of the crowd what he's going to do next, Demirkapi gave an answer that elicited raucous applause from the hacker crowd: "Start college, maybe break their software."
Never give up on your dreams, Bill. The privacy of millions of students and teachers is counting on it.
Featured Video For You
From ATMs to printers, hackers prove you can play 'Doom' on anything
(责任编辑:产品中心)
- ·Tesla's big software update includes something called 'Night Curfew'
- ·车祸女孩遭截肢 家乡人捐款一万元
- ·鲜动羊城!“鱼跃中山”水产品展销走进广州艺术园区
- ·肉质鲜美!泰农黑猪邀您品鉴优质猪肉
- ·When will Trump and Harris debate? The presidential campaigns snipe over ABC News’ rules.
- ·杜锋为首届粤喀篮球嘉年华打call!两地赛事交流不间断
- ·雅女制作感人微电影 《七色花》网络点击突破十万
- ·雅安缴存公积金 成都买房也可用
- ·To Russia, with Love
- ·张勇:广东供应了全国80%以上鳜鱼种苗!“鼎鳜1号”今年推广约5000万尾丨芯时代 最强音