From credit reporting agencies to hotel enterprises, major data breaches happen daily. However, when was the last time we considered the data security of children and middle-level education students? The infosec community spends so much time thinking about enterprise security and user privacy, but who looks after those who can't defend themselves? Unknown to most, there are only just a handful of major educational software providers—and flaws in any of them can lead to massive holes which expose the confidential information of our rising generation, this speaker included. Additionally, while many dismiss educational data as “just containing grades”, the reality is that these systems store extremely sensitive information from religious beliefs, health and vaccine-related data, to even information about parental abuse and drug use in the family.
This talk will cover never-before-seen research into the handful of prominent educational software companies, the vulnerabilities that were found, the thousands of schools and millions of students affected, and the personal fallout of such research. Vulnerabilities discussed will range from blind SQL injection to leaked credentials for the entire kingdom. If a high school student can compromise the data of over 5 million students and teachers, what can APT do?