At the request of Daniël Verlaan, tech journalist at RTL Nieuws, security researchers Thijs Alkemade and Daan Keuper of Sector 7, the research department of Computest Security, conducted research into Proctorio's software. This software is used by universities to reduce the chance of cheating during online exams. A serious vulnerability was found during this investigation.
This vulnerability in Proctorio made it possible for cybercriminals to gain access to students' online accounts. After reporting the findings on June 18, Proctorio took immediate action and the vulnerability was quickly resolved. Because this software is automatically updated by default, users do not need to take any action and students are now using a version that is no longer vulnerable to this specific attack.
Read all the technical information in the write-up about the Proctorio hack: Proctorio Chrome extension Universal Cross-Site Scripting
Security advice to students
Especially in this year, students and employees are regularly asked to install software to be able to follow online lectures, take exams, hold meetings or work remotely. Be aware that when new software is installed on a laptop or tablet, this brings new security risks.
- As a result of the research, Keuper and Alkemade advise students to remove Proctorio or other proctoring software from their computers after the exam. "It's generally a good idea to remove plugins you no longer need," explains Alkemade.
- Another tip from ethical hackers Keuper and Alkemade is to use the browser as much as possible and to install as little extra software as possible. "The browser is one of the most secure programs on your computer," Keuper explains. "By doing as much as possible in the browser, such as emailing, video calling and editing documents, you reduce the risk of being hacked. The more software on your computer, the more potential vulnerabilities there are."
>> More about this hack, the consequences of the vulnerability and the advice to students in the article by RTL Nieuws.
>> Read all technical information in the write-up about the Proctorio hack: Proctorio Chrome extension Universal Cross-Site Scripting