Are Your Child's Records at Risk? The Current State of School Infosec

Presented at DEF CON 27 (2019), Aug. 9, 2019, 2 p.m. (45 minutes).

From credit reporting agencies to hotel enterprises, major data breaches happen daily. However, when was the last time we considered the data security of children and middle-level education students? The infosec community spends so much time thinking about enterprise security and user privacy, but who looks after those who can't defend themselves? Unknown to most, there are only just a handful of major educational software providers-and flaws in any of them can lead to massive holes which expose the confidential information of our rising generation, this speaker included. Additionally, while many dismiss educational data as "just containing grades", the reality is that these systems store extremely sensitive information from religious beliefs, health and vaccine-related data, to even information about parental abuse and drug use in the family. This talk will cover never-before-seen research into the handful of prominent educational software companies, the vulnerabilities that were found, the thousands of schools and millions of students affected, and the personal fallout of such research. Vulnerabilities discussed will range from blind SQL injection to leaked credentials for the entire kingdom. If a high school student can compromise the data of over 5 million students and teachers, what can APT do?

Presenters:

  • Bill Demirkapi - Independent Security Researcher
    Bill is a 17-year-old high school student with an intense passion for the information security field. Bill's interests include game hacking, reverse engineering malware, and breaking things. Next year, Bill will be attending the Rochester Institute of Technology where he hopes to grow his career and knowledge in the enormous field of Cybersecurity. In his pursuit to make the world a better place, Bill constantly looks for the next big vulnerability following the motto "break anything and everything". Twitter: https://twitter.com/BillDemirkapi Blog: https://d4stiny.github.io

Links:

Similar Presentations: