MOE to remove Mobile Guardian app from students' devices after cyber-security breach

SINGAPORE — The Mobile Guardian app will be removed from all students' personal learning devices, after a global cyber-security breach affected 13,000 students from 26 secondary schools in Singapore.

In a statement on Aug 5, the Ministry of Education (MOE) said the app will be removed from all iPads and Chromebooks as a precautionary measure, and that efforts are under way to safely restore these devices for normal use.

Mobile Guardian is a device management app that helps parents manage their children's device use, restricting screen time and access to specific websites and apps.

MOE said it was alerted by some schools late at night on Aug 4 that some students who use iPads or Chromebooks were unable to access their applications and information stored in their devices.

Investigations by Mobile Guardian found that there was a cyber-security incident involving unauthorised access to its platform that affected customers globally, including those in Singapore, MOE said.

Affected students had their devices remotely wiped due to the breach, MOE said, adding that there is no evidence that students' files were accessed.

"We understand that students are naturally concerned and anxious about the incident. MOE is working with schools to support affected students, including deploying additional IT roving teams to schools and providing additional learning resources," the ministry said. 

MOE said the security incident on Aug 4 is separate from earlier technical issues faced by students at the end of July 2024.

The Straits Times reported earlier that more than 1,000 students from at least five MOE secondary schools were affected by a glitch on the Mobile Guardian app.

As early as July 30, some students reported that they could not turn their iPads on or switch them off, while others could not connect to Wi-Fi and received the error message: "Guided Access app unavailable. Please contact your administrator."

This glitch was due to a human error in configuration by Mobile Guardian, said MOE.

In a statement on its website on Aug 5, Mobile Guardian said that since the security incident, it has "halted servers in order to prevent further disruption by the perpetrator".

Mobile Guardian said it was alerted to suspicious activity on its platform and detected unauthorised access to its system at 10pm Singapore time on Aug 4.

It said it is currently investigating the breach that affected users globally, including the United States, Europe and Singapore.

"This resulted in a small percentage of devices to be unenrolled from Mobile Guardian and their devices wiped remotely," Mobile Guardian said.

Users should contact their local information technology or IT administrator to reactivate the device, said Mobile Guardian.

This is the second cyber-security incident involving Mobile Guardian in six months.

In April, Mobile Guardian's user management portal at its headquarters in Surrey, Britain, was hacked, resulting in a data leak involving the names and e-mail addresses of parents and teachers of five primary schools and 122 secondary schools in Singapore.

Parents that spoke to The Straits Times said they are at a loss, as their children had lost years' worth of school notes and assignments. Some students also had no warning that their devices were going to be wiped out completely.

One parent, who only wanted to be known as Madam Chan, said that her 15-year-old daughter from Raffles Girls' School reported issues with her device as early as July 31. However, there was no update from the school about the exact nature of the problem.

The 59-year-old who works in human resources said the school informed students on Aug 1 that their devices would have to go through a factory reset, which is a process that clears all data and settings from a device and returns it to its default settings.

"This process led to a few students losing their notes, even though the school said that students should find a solution to back up their notes before the factory reset," she said. However, many students, including her daughter, were unable to back up their devices due to connectivity issues, and as a result still ended up losing some of their notes.

For some other students, their notes had already been wiped out due to the technical issues that surfaced in end July.

Some parents, including Madam Chan herself, said they had planned to go down to the Apple Store to get them to uninstall the app. Madam Chan said that her daughter was too afraid to even turn on the device in case she loses more of her notes.

"Many parents like me are frustrated, and we don't know what to do," she said. "We are most concerned about our children getting their notes back, as well as all their assignments and digital drawings done over the years."

Madam Chan said that other parents in the RGS Year 3 parents' WhatsApp group chat, which has around 290 members, said only 50 appointments were available daily for the school's IT department. According to them, some students had to wait three to four hours to get help with their devices.

"This situation is very stressful all round," she said. She added that each situation was different for each student, and there were no clear instructions on what they could do to back up their devices.

Another parent, who wanted only to be known as Alex, said that at St Andrew's Secondary School, many students took pictures of their documents on their phones to save their notes before visiting the IT department for a factory reset of their devices.

[[nid:683117]]

"As a parent, I am very upset as it distracts the boys unnecessarily and could derail their revision for their term-weighted assessment," said the parent, who is in his 40s and has a son in the school.

"Much of their work is performed on the personal learning device," he said. "Conversely, I am glad to use it as a learning point to teach my son about the inherent flaw in relying too much on technology."

Alex said that students who have had their notes saved on external sites like Google are safe from this glitch, but others would have years of notes wiped out due to the reset.

Another parent with a 13-year-old son in Nan Hua High School said: "Parents are uncertain about how we can help our kids."

"There was a lot of time wasted trying to pinpoint the problem," the 52-year-old homemaker, who wanted only to be known as Madam Lee, said.

She expressed concern about whether the removal of Mobile Guardian is a permanent or temporary solution, and whether children will be able to download other apps freely without supervision in the meantime.

Madam Lee said that her son's device was affected from July 31, and is due to have his device reformatted on August 5.

"We are not actually aware if the breach last night caused further damage or didn't affect the device, since it was already problematic to start with," she said.

Apart from Mobile Guardian, another device management app that MOE uses is Blocksi, which is headquartered in California, United States.

The Straits Times has reached out to the Cyber Security Agency of Singapore and MOE for more information.

[[nid:680574]]

This article was first published in The Straits Times. Permission required for reproduction.

Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.