You are here

CIO News

Los Angeles schools learn lessons from hacked iPads

District may enlist student hackers to help improve security on iPads

Administrators in the Los Angeles USD may tap the skills of students who hacked school-purchased iPads to strengthen security on the mobile devices. A week after the iPads were distributed in September, about 340 students hacked the security system to browse websites like Facebook and Twitter.

“We want to really engage students in this program,” says district spokesperson Shannon Haber.

“It’s an ongoing conversation, and we’re working to strengthen the security system.”

More districts are asking student hackers to help bolster cybersecurity, says Keith Krueger, CEO of the Consortium for School Networking (CoSN). “Helping advise administrators on security breaches gives students responsibility. The best way to identify if your network is at risk is to see who can break into it.”

Students have an inherent interest in pushing the boundaries of the system, and this allows them to channel those skills into something productive for the school, Krueger says. Some schools have created committees of tech-savvy students who provide general tech support to other students and teachers.

At LAUSD, students from Theodore Roosevelt High School, Westchester Enriched Sciences Magnets, and the Fine Arts Academy at Dr. Maya Angelou Community High School removed the mobile device management software that prevents them from freely browsing the web, Haber says.

The breach led Superintendent John Deasy to halt LAUSD’s $1 billion plan in early October to put an iPad in the hands of every student. And students who already have the tablets won’t be able to take them home until the problem is resolved.

To prevent students from using the internet or playing games, one option may be to “lock” the tablets so only district-issued applications are accessible outside of school, Haber says.

But security snags like this should be expected when rolling out 1-to-1 plans, Krueger says. “The goal of educators who are in charge of technology is to minimize risk,” he says. “But it doesn’t matter whether you’re a school or a national security agency—people do hack.”

As districts move away from policies banning mobile phone and tablets in the classroom, administrators should focus on teaching students what is appropriate to access at school or at home, Krueger says. When students act as their own filter, there is less need for strong security measures that block internet access and, in turn, make the device less powerful for learning.

Students should be given an online ethics class when they first get the devices, and there should be further instruction if the technology is used inappropriately, Krueger says. LAUSD is now ramping up its cybersecurity awareness campaign to educate students, staff, and parents.

The district is creating student committees that will spread the word about online safety. And parents must sign a form acknowledging rules for tablet use before the devices can go home with students.

Administrators are also updating discipline policies for students found using the technology inappropriately. “The promotion of digital citizenship—responsible behavior when using technology—is being incorporated into the curriculum and leveraged to create new leadership opportunities for students,” says Haber.

You can join the conversation on District Administration's Facebook page.